Security Question /tmp/.X11-pipe

Douglas Fisher fisher "at" willowglen.ca
Wed Mar 24 15:50:01 2004


In order to run vncserver on my Solaris machines I have to
chmod 777 /tmp/.X11*
or I get the error:
Failed to establish all listening sockets
(obviously when running the vncserver NOT as the root user)

Since these directories are created very late in the boot up process we had to add the following script to /etc/rc3.d (note the sleep 61; sleep 5 is too short)
===================
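#!/sbin/sh
#
# rc3.d script: make the X11 socket directories writable by all users
# so that vncserver can be started by a non-root user.

case "$1" in
'start')
        echo "Allowing vncserver permission to be run by all users"
        # These directories are created very late in boot; 5 seconds is too short.
        sleep 61
        # -p: do not fail if the directory already exists by now
        mkdir -p /tmp/.X11-pipe
        mkdir -p /tmp/.X11-unix
        chmod 777 /tmp/.X11-pipe
        chmod 777 /tmp/.X11-unix
        ;;

'stop')
        # Nothing to undo on stop
        ;;

*)
        echo "Usage: $0 { start | stop }"
        exit 1
        ;;
esac
exit 0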
====================
This seems more secure than doing a SUID root on the Xvnc binary.

I heard that chmod of the .X11-pipe is a security hole, but I am unclear about what the nature of the security hole is. Can anyone elaborate?

Is there a better way of getting Xvnc to run?
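
The following audit check is an added example, not part of the original post. Mode 777 clears the sticky bit, and in a world-writable directory without it any local user can delete or rename entries that belong to other users; the check flags that state. The function name `classify_dir` is hypothetical, and the expected state (world-writable with the sticky bit, i.e. 1777, owned by uid 0) is an assumption based on the usual convention for these directories.

```shell
#!/bin/sh
# Added example (not from the original post): audit the X11 socket
# directories rather than forcing mode 777 on them.
#
# classify_dir DIR [UID] prints one word:
#   missing             DIR does not exist
#   not-a-dir           DIR is a symlink or not a directory
#   no-sticky           world-writable without the sticky bit (chmod 777)
#   not-world-writable  non-root users cannot create sockets in DIR
#   wrong-owner         DIR is not owned by UID (assumed default: 0, root)
#   ok                  world-writable, sticky bit set, expected owner
classify_dir() {
    dir=$1
    want_uid=${2:-0}
    if [ -h "$dir" ]; then echo not-a-dir; return 0; fi
    if [ ! -d "$dir" ]; then
        if [ -e "$dir" ]; then echo not-a-dir; else echo missing; fi
        return 0
    fi
    # Parse "ls -ldn" (numeric owner) instead of stat(1), which is not
    # available on every Unix. Fields: mode, links, uid, ...
    set -- $(ls -ldn "$dir")
    perms=$1
    dir_uid=$3
    case $perms in
        d???????w[tT]*) ;;                        # e.g. drwxrwxrwt
        d???????w*) echo no-sticky; return 0 ;;   # e.g. drwxrwxrwx
        *) echo not-world-writable; return 0 ;;
    esac
    if [ "$dir_uid" != "$want_uid" ]; then echo wrong-owner; return 0; fi
    echo ok
}

# Report on the two directories the rc script above touches.
for d in /tmp/.X11-pipe /tmp/.X11-unix; do
    echo "$d: $(classify_dir "$d")"
done
```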