[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: (forw) gksu security bug? (xauth visible to all users)
From: |
Gustavo Noronha Silva |
Subject: |
Re: (forw) gksu security bug? (xauth visible to all users) |
Date: |
Fri, 14 Nov 2003 07:02:28 -0200 |
Em Thu, 13 Nov 2003 13:10:48 -0200, Gustavo Noronha Silva <address@hidden>
escreveu:
> > That is why in my xsudo script, for example, I pipe the cookie to xauth
> > through stdin rather than putting it on the command line:
> >
> > #!/bin/sh
> > xauth nlist $DISPLAY | XAUTHORITY=/tmp/.gksu-XXXXX/.Xauth xauth nmerge -
> > XAUTHORITY=/tmp/.gksu-XXXXX/.Xauth sudo synaptic
> > rm -rf /tmp/.gksu-XXXXX
>
> Yes, the problem here lies on how to make .Xauth only readable for the
> target user... I'm thinking about this with some other friends and maybe
> we can fix this today.
Ok, I found a way of having this very thing done by creating a helper
program that receives the xauth token through a pipe. The problem should
be fixed now, on 0.9.17, which I just released. Thanks.
[]s!
--
address@hidden: Gustavo Noronha <http://people.debian.org/~kov>
Debian: <http://www.debian.org> * <http://www.debian-br.org>
"Não deixe para amanhã, o WML que você pode traduzir hoje!"
http://debian-br.alioth.debian.org/?id=WebWML