Announcement

Collapse
No announcement yet.

XWayland Hit By Its First Security Advisory: Missing Authentication

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • XWayland Hit By Its First Security Advisory: Missing Authentication

    Phoronix: XWayland Hit By Its First Security Advisory: Missing Authentication

    (X)Wayland has its first security notice today thanks to a discovery made by a Red Hat developer...

    http://www.phoronix.com/scan.php?pag...d-Missing-Auth

  • #2
    Can anyone explain me what a UNIX socket is? I know TCP sockets, but what's a UNIX socket?

    Comment


    • #3
      unix socket is like a tcp socket but instead of ip aadress and a port number you have a file path

      Comment


      • #4
        TCP socket and UNIX socket are the same thing. The first one is accessed on the basis of the pair <ip-address> and <port>; this means that it is accessible also from another machine (connected by a tcp/ip network). The unix socket is accessed by a filesystem path. When a UNIX socket is created, a coupled special file is created too; an application may accesses the socket if it can access the file: the accessing may filtered by the unix file permission.

        As example, the X server when starts, creates a UNIX socket:

        ls -l /tmp/.X11-unix/X0
        srwxrwxrwx 1 root root 0 Jun 10 18:22 /tmp/.X11-unix/X0

        The X client contact the server opening this socket. If an user cannot access the /tmp/.X11-unix/ directory, he cannot access the X server too.

        The X server, may open also a TCP socket, so an application from another machine can access the X server. This is useful if you want to run an application on another machine, and you need to interact with a graphical window.

        Comment


        • #5
          Originally posted by ReBoot View Post
          Can anyone explain me what a UNIX socket is? I know TCP sockets, but what's a UNIX socket?

          just one of many (older) methods of IPC on Unix (or Linux). 'man mknod' and 'man mkfifo' should give you a better idea. start from there.

          Comment


          • #6
            It's kind of hard to believe that this was 'forgotten'.

            How is it possible that they never took *basic* (DAC security) security measures against this?

            Comment

            Working...
            X