It's kind of hard to believe that this was 'forgotten'.
How is it possible that they never took *basic* (DAC security) security measures against this?
Announcement
Collapse
No announcement yet.
XWayland Hit By Its First Security Advisory: Missing Authentication
Collapse
X
-
TCP socket and UNIX socket are the same thing. The first one is accessed on the basis of the pair <ip-address> and <port>; this means that it is accessible also from another machine (connected by a tcp/ip network). The unix socket is accessed by a filesystem path. When a UNIX socket is created, a coupled special file is created too; an application may accesses the socket if it can access the file: the accessing may filtered by the unix file permission.
As example, the X server when starts, creates a UNIX socket:
ls -l /tmp/.X11-unix/X0
srwxrwxrwx 1 root root 0 Jun 10 18:22 /tmp/.X11-unix/X0
The X client contact the server opening this socket. If an user cannot access the /tmp/.X11-unix/ directory, he cannot access the X server too.
The X server, may open also a TCP socket, so an application from another machine can access the X server. This is useful if you want to run an application on another machine, and you need to interact with a graphical window.
Leave a comment:
-
unix socket is like a tcp socket but instead of ip aadress and a port number you have a file path
Leave a comment:
-
Can anyone explain me what a UNIX socket is? I know TCP sockets, but what's a UNIX socket?
Leave a comment:
-
XWayland Hit By Its First Security Advisory: Missing Authentication
Phoronix: XWayland Hit By Its First Security Advisory: Missing Authentication
(X)Wayland has its first security notice today thanks to a discovery made by a Red Hat developer...
Tags: None
Leave a comment: