Permissions on key directories/files.

Waldo Bastian bastian at
Sun Mar 21 01:26:39 EET 2004

Hash: SHA1

On Sat March 20 2004 02:02, George wrote:
> On Tue, Mar 16, 2004 at 05:20:36PM +0100, Egbert Eich wrote:
> > If the sticky bit is not set or the ownership of this directory
> > is not root we risk a man-in-the-middle attack. Even if the sticky bit
> > is set the owner of the directory is able to do the attack.
> > Therefore the function that attempts to create these directories
> > (if they don't exist) should fail hard and print a meaningful
> > error message.
> > It should be the responsibility of the install procedure and/or
> > the OS vendor to make sure that these directories exist and have the
> > correct ownership and permissions.
> > Letting x,g,kdm or whatever create these directories is just a
> > convenience fix for people who have a habit to delete those directories.
> Some cleanup tasks might whack those directories.  I think it's robustness
> issue.  Yes it should be handled by the install, but better handle this at
> multiple places to truly ENSURE that it's ok.  gdm currently does the
> /tmp/.ICE-unix dance but not the /tmp/.X11-unix dance, it should perhaps do
> that as well, though I was always sort of expecting the X server to run as
> root and set this up, but I suppose that's not a correct assumption.  Plus
> we should never expect that things will be just set up properly.  For
> example a hard drive failure or some crazy setup might whack the initial
> /tmp settings, we shouldn't fail to be secure in those instances.

failing hard and printing a meaningful error message is secure IMHO.

As far as the robustness goes, if you delete or corrupt random files out 
of /lib your system will not work either, get over it.

- -- 
^ bastian at | Is your software SUSE LINUX READY? | bastian at
Version: GnuPG v1.2.2 (GNU/Linux)


More information about the xdg mailing list