Bug 130769

Summary: X sockets insecure file permissions
Product: [Fedora] Fedora Reporter: Josh Bressers <bressers>
Component: xorg-x11Assignee: X/OpenGL Maintenance List <xgl-maint>
Status: CLOSED DUPLICATE QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: medium    
Version: 2CC: security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-02-21 19:05:14 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Josh Bressers 2004-08-24 15:30:02 UTC 
There exists an insecure file permissions flaw in the Xorg server
for RHEL2.1 and RHEL3.  When the X server starts, a socket is created
in /tmp/.X11-unix.  The permissions of this file are drwxrwxrwx.

Additionally there are also directories for .font-unix, .ICE-unix
which need proper permissions set as well.

There is a patch for the xfs socket for FC in bug 129622.

This patch creates the xfs socket directory at boot time.  We should
be doing that for all the socket directories.
Comment 1 Bill Nottingham 2004-08-24 15:32:41 UTC 
At this point, it probably should just be moved to the filesystem package.
Comment 2 Mike A. Harris 2004-09-21 05:30:07 UTC 
Bug https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=130762
needs to be kept in sync with this one.
Comment 4 Mike A. Harris 2004-09-24 06:37:57 UTC 

*** This bug has been marked as a duplicate of 130762 ***
Comment 5 Red Hat Bugzilla 2006-02-21 19:05:14 UTC 
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.