Bug 86480 - /tmp/.ICE-unix/ owned by non-root user
Summary: /tmp/.ICE-unix/ owned by non-root user
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: XFree86
Version: 9
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Mike A. Harris
QA Contact: David Lawrence
Depends On:
TreeView+ depends on / blocked
Reported: 2003-03-23 20:42 UTC by NILMONI DEB
Modified: 2007-04-18 16:52 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2006-03-09 08:51:12 UTC

Attachments (Terms of Use)

Description NILMONI DEB 2003-03-23 20:42:26 UTC
Description of problem: 
As explained in 
the /tmp/.ICE-unix/ has user:user ownership. This makes it a security issue 
and also delays the startup of GUI. This may be due to a libICE bug ( 
https://listman.redhat.com/pipermail/enigma-list/2002-June/014027.html ) but 
the current culprit is the /etc/rc.sysinit script which has these lines: 
# Delete ICE locks 
rm -rf /tmp/.ICE-unix 
Even if the ownership of /tmp/.ICE-unix is changed to root:root, at the next 
reboot, these directory is deleted. Now, when X is started, a new 
/tmp/.ICE-unix is created with non-root ownership. 
The worksound is to have these lines instead in /etc/rc.sysinit : 
# Delete ICE locks 
rm -rf /tmp/.ICE-unix/* 
chown root:root /tmp/.ICE-unix/ 
Version-Release number of selected component (if applicable): 
How reproducible: 
Steps to Reproduce: 
1. start X 
2. check ownership of /tmp/.ICE-unix 
Actual results: 
Non-root ownership of /tmp/.ICE-unix/ 
Expected results: 
/tmp/.ICE-unix/ should be owned by root:root 
Additional info:

Comment 1 NILMONI DEB 2003-05-01 22:49:46 UTC
The same problem is present it redhat 9. Can somebody make the small change in 
/etc/rc.sysinit and fix this ? 

Comment 4 Mike A. Harris 2004-06-18 16:37:14 UTC
We're tracking this issue in the upstream bug report:

As Jim indicates in his initial comment, the solution for this is
not immediately obvious.  There are a number of approaches that
could be taken, each one carrying various risks to code stability.

We'll follow the progress upstream on this one, and once it's
resolved there, it will eventually make it into newer Red Hat
OS releases once we integrate newer X.Org X11 releases.

For the time being, we might as well add the following:

# Delete ICE locks 
rm -rf /tmp/.ICE-unix
mkdir -p /tmp/.ICE-unix
chown root:root /tmp/.ICE-unix

While it isn't a real solution, it will likely work good enough
for the most part.

Comment 5 Mike A. Harris 2004-06-18 16:38:07 UTC
Bill: Do the changes I propose above look ok to you?

Comment 6 Bill Nottingham 2004-06-28 20:02:37 UTC
Hm, that almost sounds like something should just own the directory.

Comment 7 Kostas Georgiou 2004-06-28 21:52:05 UTC
You probably also want to add chmod 1777 /tmp/.ICE-unix as well

Comment 8 Bill Nottingham 2004-06-28 22:11:43 UTC
Well, if the directory exists, none of the X code will ever a) remove
it b) change the permissions, correct?

Comment 9 Havoc Pennington 2004-06-29 08:16:03 UTC
If we make the package own the dir, maybe it should move to
/var/run/ICE/ ?

Comment 10 Kostas Georgiou 2004-06-29 09:02:28 UTC
I am not quite sure that it can be moved without breaking existing applications.
It is hardcoded in libICE.* and there are quite a few statically linked X11 applications :(

IMHO it has to be created at boot time under /tmp/.ICE-unix. It's quite common for 
admins to replace the /tmp partition without backing up anything (arguably a sysadmin 
error) so having a package owning it won't be enough i am afraid.

Comment 11 Mike A. Harris 2004-06-29 14:43:12 UTC
I don't think it is a good idea to have package owning files in
/tmp, because by definition, /tmp is temporary and it is legal
to blow it away.  I think it's reasonable to add a kludge to
initscripts to create the dir or fix the perms if it doesn't
exist though, at least until a proper solution is implemented in
a future X.Org release.  Egbert/Jim were working out something
last I saw, but I'm not sure when it's planned to go in. I'll
have to ping them about that.

I think hacking the initscripts will fix the short term problem
mostly "good 'nuff" so to speak.  ;o)

Comment 12 Bill Nottingham 2004-06-29 18:48:08 UTC
Added in initscripts CVS, will be in 7.58-1.

Comment 13 Kostas Georgiou 2004-06-30 09:33:38 UTC
Great, can you please add it in u3 for RHEL as well ?

Comment 14 Bill Nottingham 2004-06-30 19:22:28 UTC
Probably not at this time; could be queued for U4, though.

Comment 15 Bill Nottingham 2004-06-30 19:44:49 UTC
Will be in 7.31.15.EL-1 or later, whenever that is released.

Note You need to log in before you can comment on or make changes to this bug.