On Fri, 2011-01-07 at 11:46 +0000, Richard W.M. Jones wrote: > On Tue, Jan 04, 2011 at 05:42:12PM -0800, Garrett Holmstrom wrote: > > On Tue, Jan 4, 2011 at 4:31 PM, Bernie Innocenti <bernie@xxxxxxxxxxx> wrote: > > > What sort of attack would this enable? > > > > > > Wait... any unprivileged process can create sockets in the abstract > > > namespace? Uh-oh. > > > > Any unprivileged process can prevent you from running X on a given > > display by using up the socket name that X wants to use. This is a > > textbook DOS scenario. > > If we have private /tmp this problem would go away. If we had private /tmp this would not go away, because the user starting the X server is not always the user whose session it belongs to. Putting the socket in gdm's /tmp means it won't be someplace where rjones can get to it. Also because multiple users on the same display is a completely valid use case that people actually do. - ajax -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
