Bug 80495 - x11-base/xorg-x11 Local Socket Hijacking Vulnerability
Summary: x11-base/xorg-x11 Local Socket Hijacking Vulnerability
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
Importance: High normal
Assignee: Gentoo Security
URL: http://www.securityfocus.com/bid/12376
Whiteboard: B2? [noglsa]
Reported: 2005-02-02 11:12 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2005-02-28 07:42 UTC
Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-02-02 11:12:03 UTC
A local socket hijacking vulnerability affects X.org X Windows Server. This issue is due to a failure of the application to securely create socket directories. 
 
An attacker may leverage this issue to hijack socket sessions, potentially facilitating arbitrary read and write access with the privileges of the user that started the vulnerable server.
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2005-02-03 02:45:39 UTC
Waiting for upstream / maintainer confirmation...
Comment 2 Donnie Berkholz (RETIRED) gentoo-dev 2005-02-03 13:50:26 UTC
This advisory is about five months out of date.

The SCO advisory is at http://www.securityfocus.com/advisories/7936. We shouldn't be vulnerable, at least the latest versions -- it depends whether xorg-x11 is built with XtransFailSoft. This isn't the case by default on any system besides cygwin and darwin, and Gentoo doesn't set it.

However, the option for a hard failure didn't exist before 6.8.0, so 6.7.0 could be considered "vulnerable."

The relevant paragraph from the advisory:
	The socket directories created in /tmp are now required to
	be owned by root and have their sticky-bit set. If the
	permission is not set properly, the component will try to
	set it properly. If it is unable to do that, it will generate 
	error/warning message(s), but the component will not fail.
	(a.k.a. fail softly)

donnie@supernova /usr/lib/X11/config $ ls -ld /tmp/.X11-unix /tmp/.ICE-unix
drwxrwxrwt  2 root root 4096 Jan 31 22:11 /tmp/.ICE-unix
drwxrwxrwt  2 root root 4096 Feb  3 02:15 /tmp/.X11-unix

Some distributions now supply an init script to ensure those directories exist once systems are booted, since people may have /tmp set up to be deleted on reboot. We don't do this currently -- if people delete /tmp, it's up to them to recreate the appropriate dirs.
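
The directory requirement quoted from the advisory in Comment 2 (root-owned, sticky bit set), written as a check that fails hard instead of softly. This is an added example, not part of the original comment and not X.org's Xtrans code; `check_socket_dir` and the `dir_status` codes are hypothetical names, and the `owner` parameter exists only so the check can be exercised without root.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* for lstat() and S_ISVTX */
#endif
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical result codes for this example. */
enum dir_status { DIR_OK = 0, DIR_MISSING, DIR_NOT_DIR,
                  DIR_BAD_OWNER, DIR_NO_STICKY };

/*
 * Check what the advisory requires of a socket directory: a real
 * directory (not a symlink), owned by `owner` (0, i.e. root, in real
 * use), with the sticky bit set. Nothing is repaired here: any mismatch
 * is reported so the caller can refuse to continue (hard failure).
 */
enum dir_status check_socket_dir(const char *path, uid_t owner)
{
    struct stat st;

    if (lstat(path, &st) != 0)       /* lstat: do not follow symlinks */
        return DIR_MISSING;          /* absent, e.g. fresh tmpfs /tmp */
    if (!S_ISDIR(st.st_mode))
        return DIR_NOT_DIR;
    if (st.st_uid != owner)
        return DIR_BAD_OWNER;
    if (!(st.st_mode & S_ISVTX))
        return DIR_NO_STICKY;
    return DIR_OK;
}

int main(void)
{
    static const char *dirs[] = { "/tmp/.X11-unix", "/tmp/.ICE-unix" };
    static const char *why[] = { "ok", "missing or unreadable", "not a directory",
                                 "not owned by root", "sticky bit not set" };
    int failed = 0;

    for (size_t i = 0; i < sizeof dirs / sizeof dirs[0]; i++) {
        enum dir_status s = check_socket_dir(dirs[i], 0);
        printf("%s: %s\n", dirs[i], why[s]);
        failed |= (s != DIR_OK);
    }
    return failed;                   /* non-zero exit = hard failure */
}
```

Run at boot before the X server starts, this also reports the tmpfs case where the directories do not exist yet.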
Comment 3 Sascha Silbe 2005-02-03 17:00:54 UTC
Some users (like me) have /tmp on tmpfs, so it will always be empty after a reboot, no cleanup-script during shutdown needed.
Comment 4 Thierry Carrez (RETIRED) gentoo-dev 2005-02-11 06:59:59 UTC
Hmm right... so we might have to patch it for those still relying on the 6.7.0 series (like ppc/ppc64)?
Comment 5 Donnie Berkholz (RETIRED) gentoo-dev 2005-02-11 08:35:25 UTC
If you're interested in coming up with a patch or finding someone else to do so, I'll add it. But to me, this is a minor vulnerability that affects a small proportion of our userbase on 1-2 specific archs, and it can wait until 6.8.2 hits stable.

ppc* should work fine on 6.8.2, which I added last night. They may be interested in marking it stable a little sooner than usual, since they've had the opportunity to test all along the 6.8.1.90* series.
Comment 6 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-02-11 11:38:56 UTC
Adding ppc to test 6.8.2.
Comment 7 Markus Rothe (RETIRED) gentoo-dev 2005-02-16 21:48:34 UTC
ppc64 is supposed to mark 6.8.2 stable in the next few days (only a bit more testing needed), so there is currently no need for patching 6.7.0.  Markus
Comment 8 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-02-17 04:08:09 UTC
xorg-x11-6.8.2 is now stable on ppc.
Comment 9 Markus Rothe (RETIRED) gentoo-dev 2005-02-19 07:54:26 UTC
xorg-x11-6.8.2 is now stable on ppc64
Comment 10 Matthias Geerdsen (RETIRED) gentoo-dev 2005-02-23 05:29:08 UTC
security, pls vote on GLSA need
Comment 11 Matthias Geerdsen (RETIRED) gentoo-dev 2005-02-23 05:30:06 UTC
s/vote/comment/ maybe since this has been marked B2?
Comment 12 Thierry Carrez (RETIRED) gentoo-dev 2005-02-24 03:04:05 UTC
I vote NO: it's almost a non-issue and it was fixed in all recent versions...
Comment 13 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-02-28 07:42:23 UTC
I vote NO -> closing. Feel free to reopen if you disagree.