On 11/16/20 1:30 AM, Keith Packard wrote: > Alan Coopersmith <[email protected]> writes: > >> Since this is now public, we can open up the discussion of how to fix it in >> public as well, and hope we can make more progress than the security list >> did during the embargo phase. > > I've got a proposed fix for this issue in two merge requests, one for > xcb and the other for the X server: > > https://gitlab.freedesktop.org/xorg/lib/libxcb/-/merge_requests/10 > > https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/546 > > These two changes enables code used on Mac OS X for all other platforms. > This code allows the X listen socket to be placed anywhere in the file > system. Systems which currently place that in /tmp are vulnerable to the > bug reported above. Placing this listen socket in a protected location > should prevent un-privileged applications from spoofing the X server for > the user. > > Patches for ssh will be needed to close the security issue when > forwarding X connections through that.
Do those MRs also prevent clients and servers from using abstract sockets? Those are inherently insecure, so support for them should probably just be removed. Additionally, will libX11 also be updated? Sincerely, Demi
OpenPGP_0xB288B55FFF9C22C1.asc
Description: application/pgp-keys
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: https://lists.x.org/mailman/listinfo/xorg-devel
