From: joshua stein
Subject: slightly-less-privileged command execution
Date: Fri, 10 Jul 2020 17:47:35 -0500

Ratpoison's IPC mechanism for a remote process requesting a command to be run in Ratpoison only requires X11 window properties with custom Atoms (RP_COMMAND, RP_COMMAND_REQUEST, RP_COMMAND_RESULT) set on a window, which Ratpoison then parses and evaluates.

While this operation requires a process to have a connection to the X11 display, it's possible that the remote process has shed its privileges after connecting and is not able to execute shell commands itself or control the window manager. An unprivileged process with an X11 connection can set RP_COMMAND_REQUEST with a value of "0exec some-command-here" and Ratpoison will exec the command with the privileges of the Ratpoison process.

This may not be a huge security problem due to the requirement of having the X11 connection in the first place, but I thought I'd pass it along as something worth considering to be changed in Ratpoison. I'm not using Ratpoison anymore but in my fork, I've switched to a Unix domain socket for this IPC which requires more privileges than just setting an X11 window property:



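As an added illustration of the design the message contrasts (not ratpoison's code, nor the fork's, nor the author's), the following Python sketch shows a command endpoint on a Unix domain socket instead of an X11 window property. Reaching it needs two things an X11 connection alone does not give: filesystem rights to the 0700 directory that holds the socket, and a kernel-reported peer uid (Linux SO_PEERCRED, assumed here) that matches the manager's own uid. The command table, the `command.sock` name and every function name are constructed for the example; requests are dispatched through that table rather than handed to a shell.

```python
"""Added example: a Unix-domain-socket command endpoint that checks who is
calling before evaluating anything. Hypothetical code, not ratpoison's."""
import os
import socket
import stat
import struct
import tempfile

UCRED_FMT = "3i"  # Linux struct ucred: pid, uid, gid (Linux assumed)

# Constructed command table standing in for the window manager's own
# command evaluator. Every entry is a Python function, so no request
# string ever reaches exec() or a shell.
COMMANDS = {
    "version": lambda args: "example-wm 0.1",
    "echo": lambda args: " ".join(args),
}


def peer_credentials(conn):
    """(pid, uid, gid) of the connected peer as filled in by the kernel.
    Unlike bytes the client writes, these cannot be forged by the client."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                          struct.calcsize(UCRED_FMT))
    return struct.unpack(UCRED_FMT, raw)


def authorized(conn, owner_uid):
    """Only the user account running the manager may issue commands."""
    _pid, uid, _gid = peer_credentials(conn)
    return uid == owner_uid


def evaluate(request):
    """Parse 'name arg ...' and dispatch through COMMANDS; anything not in
    the table is refused instead of being executed."""
    parts = request.strip().split()
    if not parts:
        return "error: empty request"
    handler = COMMANDS.get(parts[0])
    if handler is None:
        return "error: unknown command %r" % parts[0]
    return handler(parts[1:])


def create_listener(directory):
    """Bind the socket inside a 0700 directory: connecting at all requires the
    owner's filesystem rights, not merely an open X11 display connection."""
    os.chmod(directory, stat.S_IRWXU)
    path = os.path.join(directory, "command.sock")  # constructed name
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
    srv.listen(1)
    return srv, path


def serve_one(srv, owner_uid):
    """Accept one connection, verify the peer, evaluate a single request."""
    conn, _ = srv.accept()
    with conn:
        if not authorized(conn, owner_uid):
            conn.sendall(b"error: permission denied\n")
            return "error: permission denied"
        request = conn.recv(4096).decode("utf-8", "replace")
        result = evaluate(request)
        conn.sendall(result.encode() + b"\n")
        return result


def socketpair_check():
    """SO_PEERCRED on a local pair reports the real caller uid, so a check
    against the right uid passes and one against any other uid fails."""
    a, b = socket.socketpair(socket.AF_UNIX)
    with a, b:
        return authorized(a, os.getuid()), authorized(a, os.getuid() + 1)


def demo():
    """Full round trip in one process: the client connect() completes against
    the listen backlog, so accept() can follow without a second thread."""
    with tempfile.TemporaryDirectory() as d:
        srv, path = create_listener(d)
        with srv:
            cli = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
            cli.connect(path)
            cli.sendall(b"echo hello wm")
            cli.shutdown(socket.SHUT_WR)
            result = serve_one(srv, os.getuid())
            reply = cli.recv(4096).decode().rstrip("\n")
            cli.close()
        return result, reply


if __name__ == "__main__":
    print(demo())
    print(socketpair_check())
```

The uid check is defense in depth on top of the directory mode: a process that has dropped to another uid after connecting to X11 can still set window properties on the display, but it can neither traverse the 0700 directory nor present a matching SO_PEERCRED uid to this endpoint.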