Bug 86480 - /tmp/.ICE-unix/ owned by non-root user
Status: CLOSED ERRATA
Product: Red Hat Linux
Classification: Retired
Component: XFree86
9
All Linux
medium Severity medium
Assigned To: Mike A. Harris
David Lawrence
: Security
Reported: 2003-03-23 15:42 EST by NILMONI DEB
Modified: 2007-04-18 12:52 EDT
Doc Type: Bug Fix
Last Closed: 2006-03-09 03:51:12 EST
Description NILMONI DEB 2003-03-23 15:42:26 EST
Description of problem: 
As explained in 
http://mail.gnome.org/archives/gnome-hackers/2001-September/msg00176.html 
the /tmp/.ICE-unix/ has user:user ownership. This makes it a security issue 
and also delays the startup of GUI. This may be due to a libICE bug ( 
https://listman.redhat.com/pipermail/enigma-list/2002-June/014027.html ) but 
the current culprit is the /etc/rc.sysinit script which has these lines: 
 
# Delete ICE locks 
rm -rf /tmp/.ICE-unix 
 
Even if the ownership of /tmp/.ICE-unix is changed to root:root, at the next 
reboot, this directory is deleted. Now, when X is started, a new 
/tmp/.ICE-unix is created with non-root ownership. 
 
The workaround is to have these lines instead in /etc/rc.sysinit: 
 
# Delete ICE locks 
rm -rf /tmp/.ICE-unix/* 
chown root:root /tmp/.ICE-unix/ 
 
 
Version-Release number of selected component (if applicable): 
 
 
How reproducible: 
Always 
 
Steps to Reproduce: 
1. start X 
2. check ownership of /tmp/.ICE-unix 
Actual results: 
Non-root ownership of /tmp/.ICE-unix/ 
 
Expected results: 
/tmp/.ICE-unix/ should be owned by root:root 
 
Additional info:
Comment 1 NILMONI DEB 2003-05-01 18:49:46 EDT
The same problem is present in redhat 9. Can somebody make the small change in 
/etc/rc.sysinit and fix this? 
Comment 4 Mike A. Harris 2004-06-18 12:37:14 EDT
We're tracking this issue in the upstream bug report:
    http://freedesktop.org/bugzilla/show_bug.cgi?id=306

As Jim indicates in his initial comment, the solution for this is
not immediately obvious.  There are a number of approaches that
could be taken, each one carrying various risks to code stability.

We'll follow the progress upstream on this one, and once it's
resolved there, it will eventually make it into newer Red Hat
OS releases once we integrate newer X.Org X11 releases.

For the time being, we might as well add the following:

# Delete ICE locks 
rm -rf /tmp/.ICE-unix
mkdir -p /tmp/.ICE-unix
chown root:root /tmp/.ICE-unix

While it isn't a real solution, it will likely work good enough
for the most part.

Comment 5 Mike A. Harris 2004-06-18 12:38:07 EDT
Bill: Do the changes I propose above look ok to you?
Comment 6 Bill Nottingham 2004-06-28 16:02:37 EDT
Hm, that almost sounds like something should just own the directory.
Comment 7 Kostas Georgiou 2004-06-28 17:52:05 EDT
You probably also want to add chmod 1777 /tmp/.ICE-unix as well
Comment 8 Bill Nottingham 2004-06-28 18:11:43 EDT
Well, if the directory exists, none of the X code will ever a) remove
it b) change the permissions, correct?
Comment 9 Havoc Pennington 2004-06-29 04:16:03 EDT
If we make the package own the dir, maybe it should move to
/var/run/ICE/ ?
Comment 10 Kostas Georgiou 2004-06-29 05:02:28 EDT
I am not quite sure that it can be moved without breaking existing applications.
It is hardcoded in libICE.* and there are quite a few statically linked X11 applications :(

IMHO it has to be created at boot time under /tmp/.ICE-unix. It's quite common for 
admins to replace the /tmp partition without backing up anything (arguably a sysadmin 
error) so having a package owning it won't be enough, I am afraid.
Comment 11 Mike A. Harris 2004-06-29 10:43:12 EDT
I don't think it is a good idea to have package owning files in
/tmp, because by definition, /tmp is temporary and it is legal
to blow it away.  I think it's reasonable to add a kludge to
initscripts to create the dir or fix the perms if it doesn't
exist though, at least until a proper solution is implemented in
a future X.Org release.  Egbert/Jim were working out something
last I saw, but I'm not sure when it's planned to go in. I'll
have to ping them about that.

I think hacking the initscripts will fix the short term problem
mostly "good 'nuff" so to speak.  ;o)
Comment 12 Bill Nottingham 2004-06-29 14:48:08 EDT
Added in initscripts CVS, will be in 7.58-1.
Comment 13 Kostas Georgiou 2004-06-30 05:33:38 EDT
Great, can you please add it in u3 for RHEL as well ?
Comment 14 Bill Nottingham 2004-06-30 15:22:28 EDT
Probably not at this time; could be queued for U4, though.
Comment 15 Bill Nottingham 2004-06-30 15:44:49 EDT
Will be in 7.31.15.EL-1 or later, whenever that is released.
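
Added example, not part of the original bug thread or of initscripts: a shell check that /tmp/.ICE-unix is in the state proposed in comments 4 and 7 (a real directory, owned by root, mode 1777). `check_ice_dir` is a hypothetical helper name, and GNU `stat -c` is assumed.

```sh
#!/bin/sh
# check_ice_dir DIR [EXPECTED_UID]   (hypothetical helper, added example)
# Prints one finding per line. Returns 0 only if DIR is a real directory,
# owned by EXPECTED_UID (default 0, i.e. root), with mode 1777.
check_ice_dir() {
    dir=$1
    want_uid=${2:-0}
    rc=0

    # Reject symlinks: the path must be the directory itself.
    if [ -L "$dir" ]; then
        echo "FAIL: $dir is a symlink"
        return 1
    fi
    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is missing or not a directory"
        return 1
    fi

    # GNU coreutils stat: %u = numeric owner, %a = octal mode.
    uid=$(stat -c '%u' "$dir") || return 1
    mode=$(stat -c '%a' "$dir") || return 1

    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $dir owned by uid $uid, expected $want_uid"
        rc=1
    fi
    # 1777 = world-writable with the sticky bit, as suggested in comment 7.
    if [ "$mode" != "1777" ]; then
        echo "FAIL: $dir has mode $mode, expected 1777"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: $dir uid=$uid mode=$mode"
    fi
    return "$rc"
}

# Audit the live path; findings are printed, the exit status is ignored here.
check_ice_dir /tmp/.ICE-unix || true
```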
