Securing Xvfb on a multi-user system

Billy Wilson billy_wilson at
Tue Jan 27 07:39:07 PST 2015


We ended up patching the source as you recommended.

We were a little surprised to discover that tightening the umask or mode 
prior to socket creation did not prevent others from connecting to Xvfb. 
So our second approach was to compare the EUID of the Xvfb process with 
the EUID of the client attempting to connect, and only allow connections 
when they match, effectively limiting users only to the Xvfb instances 
that they started themselves. This doesn't fix the issue of two users 
wanting to use the same DISPLAY number, but telling users to "export 
DISPLAY=:$$" seemed to generally take care of that problem for us. This 
code isn't enough to be included in X right now, but if there is enough 
interest in this feature that it might be included, maybe I can make it 
a configuration option.

I've attached our patch, applied to Xtranssock.c in the xtrans-1.2.7 
source code (don't mind my bad indentation). From what we've tested, it 
appears to work for us. I thought I'd post our solution anyway, in case 
I've overlooked something.


Billy Wilson

On 01/16/2015 08:22 PM, Glynn Clements wrote:

> Billy Wilson wrote:
>> Is there a way to secure Xvfb during an installation from source, such
>> as during ./configure?
> I don't think that you're going to get the behaviour you desire
> without patching the source.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 000-restrict-connections-by-euid.patch
Type: text/x-patch
Size: 1762 bytes
Desc: not available
URL: <>
