[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Jailkit-users] Fluxbox
From: |
Olivier Sessink |
Subject: |
Re: [Jailkit-users] Fluxbox |
Date: |
Tue, 12 Apr 2022 23:05:36 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.7.0 |
On 09-04-2022 03:43, Eric Ratliff wrote:
Thanks Olivier, great points and important for me to consider... I didn't
realize running xorg could open some security issues.
I'll probably design this a different way w/ that in mind, but I'll admit, my
curiosity got the best of me and as mental exercise, I want to get this figured
out.
I tried issuing:
chmod u+s /opt/tech-jail/usr/bin/xinit
chmod u+s /opt/tech-jail/usr/bin/Xorg
chmod u+s /opt/tech-jail/usr/bin/xauth
chmod u+s /opt/tech-jail/usr/bin/xmodmap
just look at the original permissions and copy those. On my (Ubuntu)
system it is /usr/lib/xorg/Xorg.wrap that has the setuid bit set
$ stat /usr/lib/xorg/Xorg.wrap
File: /usr/lib/xorg/Xorg.wrap
Size: 14488 Blocks: 32 IO Block: 4096 regular file
Device: 801h/2049d Inode: 4719133 Links: 1
Access: (6755/-rwsr-sr-x) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2022-04-05 20:42:08.945846754 +0200
Modify: 2021-12-14 15:14:13.000000000 +0100
Change: 2021-12-15 08:36:09.962184393 +0100
[..]
rt_sigsuspend([], 8_XSERVTransmkdir: Owner of /tmp/.X11-unix should be set to
root
could this be a problem as well?
Olivier
--
Bluefish website http://bluefish.openoffice.nl/
Blog http://oli4444.wordpress.com/