This is the mail archive of the cygwin-xfree@cygwin.com mailing list for the Cygwin XFree86 project.
Re: errors when switching users (security hole?)
- From: Alexander Gottwald <alexander dot gottwald at s1999 dot tu-chemnitz dot de>
- To: Cygwin-Xfree <cygwin-xfree at cygwin dot com>
- Cc: Kris Thielemans <kris dot thielemans at csc dot mrc dot ac dot uk>
- Date: Tue, 24 Feb 2004 13:58:31 +0100 (MET)
- Subject: Re: errors when switching users (security hole?)
- References: <NBBBKKHEOHOEPNCALMIGEEJPDOAA.kris.thielemans@ic.ac.uk>
- Reply-to: cygwin-xfree at cygwin dot com
On Tue, 24 Feb 2004, Kris Thielemans wrote:
> I was trying to use Windows XP's 'switch user' feature and get rather
> amazing results. Here is what I did:
>
> - logged in as account 1 (has admin privs), started XFree there (using
> startxwin.bat)
> - switched to another user ('limited privs'), started XFree there (using
> startxwin.bat)
>
> I get error messages relating to /tmp/.X11-unix (permission denied).
> If you check startxwin.bat, this is indeed a problem. Every user/session
> will use the same filename. My 2nd user does not have permission to mess
> around with the /tmp/.X11-unix created by the first user, so it has
> problems.
>
> Maybe this can be fixed by using /tmp/$USER/.X11-unix or so. But maybe you
> do not want it to be fixed (see below).
>
>
> However, now comes the weird thing.
> I then switched back to account 1. And it has a new Xterm open, which seems
> to be owned by user 2 (that is 'id -un' reports user 2)! I did not really
> check if it has all relevant permissions and so on but it's pretty scary
> anyway!
>
> Do you think user switching could be supported by XFree? (Don't worry if you
> say no. It's not a life-saving requirement for me!)

This is normal behaviour. X11 communication works either via TCP/IP, where the
xserver uses port 6000+display number, or via unix domain sockets, where the
xserver uses the file /tmp/.X11-unix/X${display number}.

If you want to start another xserver as a different user, you have to supply
a screen number different from those of all started servers.

E.g. if the first server was started with XWin -options, then the second should
be started with XWin :1 -options

bye
ago
--
Alexander.Gottwald@s1999.tu-chemnitz.de
http://www.gotti.org ICQ: 126018723
Chemnitzer Linux-Tag 2004 - 6 and 7 March 2004
http://www.tu-chemnitz.de/linux/tag
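
The display-number rule from the reply above, as an added example that is not part of the original mail or of the Cygwin/X scripts: a shell helper that picks the lowest display whose socket file is absent and flags a display whose socket belongs to another account. The function names, the `X11_SOCKET_DIR` override and the script name `pick-display.sh` are assumptions introduced here.

```shell
#!/bin/sh
# Added example (not from the original mail): pick an X display number that
# no running server is using, based on the socket path named in the reply.
# X11_SOCKET_DIR is an override introduced here so the check can be tested.
X11_SOCKET_DIR="${X11_SOCKET_DIR:-/tmp/.X11-unix}"

# TCP port for display N (6000 + display number).
display_tcp_port() {
    echo $((6000 + $1))
}

# Succeeds if the Unix domain socket file for display N exists.
display_in_use() {
    [ -e "$X11_SOCKET_DIR/X$1" ]
}

# Prints the numeric uid owning display N's socket file; fails if absent.
display_owner_uid() {
    display_in_use "$1" || return 1
    ls -ldn "$X11_SOCKET_DIR/X$1" | awk '{ print $3 }'
}

# Succeeds if display N exists and belongs to a different account, i.e.
# clients started with DISPLAY=:N would open windows on someone else's server.
display_owned_by_other() {
    owner_uid=$(display_owner_uid "$1") || return 1
    [ "$owner_uid" != "$(id -u)" ]
}

# Prints the lowest display number in 0..MAX (default 63) with no socket file.
first_free_display() {
    max_display="${1:-63}"
    candidate=0
    while [ "$candidate" -le "$max_display" ]; do
        if ! display_in_use "$candidate"; then
            echo "$candidate"
            return 0
        fi
        candidate=$((candidate + 1))
    done
    return 1
}

# Run as: sh pick-display.sh --report   (hypothetical script name)
if [ "${1:-}" = "--report" ]; then
    display_owned_by_other 0 && echo "display :0 belongs to another user"
    echo "free display: :$(first_free_display)"
fi
```

The number it prints is what goes in place of the `:1` in the reply's `XWin :1 -options`.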