In order to run vncserver on my Solaris machines I have to chmod 777 /tmp/.X11* or I get the error: Failed to establish all listening sockets (obviously when running the vncserver NOT as the root user)
Since these directories are created very late in the boot up process we had to add the following script to /etc/rc3.d (note the sleep 61, sleep 5 is too short) =================== #!/sbin/sh #
case "$1" in 'start') echo Allowing vncserver permission to be run by all users sleep 61 mkdir /tmp/.X11-pipe mkdir /tmp/.X11-unix chmod 777 /tmp/.X11-pipe chmod 777 /tmp/.X11-unix ;;
'stop') ;;
*) echo "Usage: $0 { start | stop }" exit 1 ;; esac exit 0 ==================== This seems more secure than doing a SUID root on the Xvnc binary.
I heard that chmod of the .X11-pipe is a security hole, but I am unclear about what the nature of the security hole is, can anyone elaborate?
It's both some kind of a security hole.
IF you have access to the tmpdirectory, then you might have access to the named-pipes (or sockets) as used in the X11 protocol/communicaiton. An exploit can be reading or writing to it and so get access to the screen, regardless of the used X11 server. Hence, you not only open the Xvnc-driven X11 displays but also the other ones.
If you set Xvnc to SETUID-root, you just give the process of Xvnc the root rights, even if it is started by any other user. Since you have the Xvnc source, you can at least see the security holes in there and see how this process can be abused to gain root access.
A way in the middle can be a dedicated UID (or GID) that handles the directory: Create a Xserver group, put the S-bit on the group for Xvnc and give this group proper access to the directory.
An other way can be to use a wraper script that sets Xvnc to the proper access in a more controlled way. This can also be done by using the inetd (xinetd) way to start X vnc (http://www.sourcecodecorner.com/articles/vnc/linux.asp).
Or by starting Xvnc just like the normal Xserver: (from my previous mail, details are for RHlinux, can be similar for Solaris)
'/etc/X11/xdm/Xservers': add the next lines (and comment out all others). WRAPWARNING: each line is either comment or it starts with the same word as it ends (:0 to :0 and :4 to :4).
# disable the X session on the console
#:0 local /usr/X11R6/bin/X
# vncsession :0, using vncpassword from root.
:0 ROOTVNC local /usr/bin/Xvnc -geometry 800x600 -depth 8 -rfbwait
120000 -rfbauth /root/.vnc/passwd :0
# vncsession :4, no vncpassword.
:4 FREEVNC local /usr/bin/Xvnc -geometry 800x600 -depth 8 -rfbwait
120000 -alwaysshared -dontdisconnect :4
Now restart the display manager (or the machine) and...
Is there a better way of getting Xvnc to run? _______________________________________________ VNC-List mailing list [EMAIL PROTECTED] To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
_______________________________________________ VNC-List mailing list [EMAIL PROTECTED] To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
