From: C-S
To: freebsd-ports@freebsd.org
Cc: x11@freebsd.org
Date: Sun, 18 Sep 2011 01:06:09 +0200
Subject: xorg-server setuid -- denial of service attack
Message-ID: <1316300769.6731.11.camel@laptop>
List-Id: Porting software to FreeBSD

Today, I discovered by accident that having the setuid option set on xorg-server -- which is the default option -- may be dangerous. (I guess you all knew that already :-).

Another logged-in user "killed" my screen by typing:

    X :1

After turning setuid off, this denial of service attack was not possible anymore.

To be honest, I was really surprised that a regular user with no special permissions can disrupt other people's x11 sessions that easily. Although, let me be precise here. It seems that he actually opened another X11 session (which is the idea of this command, I guess). However, none of those sessions were displayed anymore on the screen.

Am I missing anything in my security configuration? What do you think?

Cheers,
Carlo