nanogui: problem when starting "nano-X &"?
Subject:
Re: problem when starting "nano-X &"?
From:
Morten Rolland ####@####.####
Date:
29 Mar 2001 09:52:44 -0000
Message-Id: <3AC3061E.56EE8F31@screenmedia.no>
Greg Haerr wrote:
>
> The Nano-X client library deletes the /tmp/.nano-X file before
> attempting to create another one. If /tmp is writeable by all,
> then running nano-X by different users shouldn't matter, right?
Not quite, if the /tmp directory has the 't' bit set, you need
privileges to write the file itself that you want to remove.
Otherwise, your files on tmp could be removed and replaced with
evil ones by someone else without you knowing it. Removing the
't' bit with 'chmod o-t /tmp' (I think) should solve this problem,
but your /tmp would end up a little non-standard.
The nano-X way of doing this also requires a writeable /tmp,
which you may not want (e.g. start nano-X early before root
is read-write or similar).
It is possible to get rid of the /tmp/.nano-X socket file
altogether on Linux by using "abstract namespace" naming.
Basically, you refer to the name of the "hidden" socket
with a name like:
"\0nano-X-protocol-version-1.1\0\0\0\0...."
Read about it with "main unix". This is a feature I think could
be useful in Nano-X, both to remove a writeable file system, and
reduce the number of pitfalls for users.
I'm not sure if this is a standard POSIX feature or Linux specific.
Best Regards,
Morten Rolland, Screen Media.