jailkit-users
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Jailkit-users] Fluxbox


From: Olivier Sessink
Subject: Re: [Jailkit-users] Fluxbox
Date: Tue, 12 Apr 2022 23:05:36 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.7.0

On 09-04-2022 03:43, Eric Ratliff wrote:
Thanks Olivier, great points and important for me to consider... I didn't 
realize running xorg could open some security issues.

I'll probably design this a different way w/ that in mind, but I'll admit, my 
curiosity got the best of me and as mental exercise, I want to get this figured 
out.

I tried issuing:
chmod u+s /opt/tech-jail/usr/bin/xinit
chmod u+s /opt/tech-jail/usr/bin/Xorg
chmod u+s /opt/tech-jail/usr/bin/xauth
chmod u+s /opt/tech-jail/usr/bin/xmodmap

just look at the original permissions and copy those. On my (Ubuntu) system it is /usr/lib/xorg/Xorg.wrap that has the setuid bit set

$ stat /usr/lib/xorg/Xorg.wrap

  File: /usr/lib/xorg/Xorg.wrap

  Size: 14488           Blocks: 32         IO Block: 4096   regular file

Device: 801h/2049d      Inode: 4719133     Links: 1

Access: (6755/-rwsr-sr-x)  Uid: (    0/    root)   Gid: (    0/    root)

Access: 2022-04-05 20:42:08.945846754 +0200

Modify: 2021-12-14 15:14:13.000000000 +0100

Change: 2021-12-15 08:36:09.962184393 +0100


[..]
rt_sigsuspend([], 8_XSERVTransmkdir: Owner of /tmp/.X11-unix should be set to 
root

could this be a problem as well?

Olivier

--
Bluefish website http://bluefish.openoffice.nl/
Blog http://oli4444.wordpress.com/



reply via email to

[Prev in Thread] Current Thread [Next in Thread]