Securing Xvfb on a multi-user system
Billy Wilson
billy_wilson at byu.edu
Tue Jan 27 07:39:07 PST 2015
Glynn,
We ended up patching the source as you recommended.
We were a little surprised to discover that tightening the umask or mode
prior to socket creation did not prevent others from connecting to Xvfb.
So our second approach was to compare the EUID of the Xvfb process with
the EUID of the client attempting to connect, and only allow connections
when they match, effectively limiting users only to the Xvfb instances
that they started themselves. This doesn't fix the issue of two users
wanting to use the same DISPLAY number, but telling users to "export
DISPLAY=:$$" seemed to generally take care of that problem for us. This
code isn't enough to be included in X right now, but if there is enough
interest in this feature that it might be included, maybe I can make it
a configuration option.
I've attached our patch, applied to Xtranssock.c in the xtrans-1.2.7
source code (don't mind my bad indentation). From what we've tested, it
appears to work for us. I thought I'd post our solution anyway, in case
I've overlooked something.
Thanks,
Billy Wilson
On 01/16/2015 08:22 PM, Glynn Clements wrote:
> Billy Wilson wrote:
>
>> Is there a way to secure Xvfb during an installation from source, such
>> as during ./configure?
> I don't think that you're going to get the behaviour you desire
> without patching the source.
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 000-restrict-connections-by-euid.patch
Type: text/x-patch
Size: 1762 bytes
Desc: not available
URL: <http://lists.x.org/archives/xorg/attachments/20150127/921dc127/attachment.bin>
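The EUID comparison described in the message above, written here as an added, self-contained example for this page; it is not the code from the scrubbed attachment, whose contents do not appear on the page, and it is not xtrans or Xvfb code. It assumes Linux, where SO_PEERCRED on an AF_UNIX stream socket returns the credentials the peer had when it called connect(). The demo socket path and the demo_accept_and_check() driver are constructed for the demo. Peer credentials are the right lever here rather than the socket file's mode: on Linux the X server also listens on an abstract-namespace socket, which has no filesystem permissions at all, so umask and mode changes on /tmp/.X11-unix cannot gate it.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Same layout as Linux's struct ucred (<sys/socket.h> under _GNU_SOURCE),
 * declared locally so the example compiles regardless of feature macros. */
struct peer_cred {
    pid_t pid;
    uid_t uid;   /* effective UID of the peer at connect() time */
    gid_t gid;
};

/* Fetch the effective UID of the process on the other end of an AF_UNIX
 * stream socket (Linux SO_PEERCRED). Returns 0 on success, -1 on error. */
int peer_euid(int fd, uid_t *out)
{
    struct peer_cred cr;
    socklen_t len = sizeof cr;
    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cr, &len) < 0 || len != sizeof cr)
        return -1;
    *out = cr.uid;
    return 0;
}

/* The policy from the message: allow only when the peer's EUID equals the
 * server's EUID. server_euid is a parameter rather than a geteuid() call
 * inside, so the policy can be exercised against a mismatched value.
 * Returns 1 = allow, 0 = deny, -1 = credentials unavailable (callers
 * should treat -1 as deny). */
int peer_euid_allowed(int fd, uid_t server_euid)
{
    uid_t uid;
    if (peer_euid(fd, &uid) < 0)
        return -1;
    return uid == server_euid;
}

/* Demo driver (constructed for this example): listen on `path`, connect a
 * client from this same process, accept, run the check before reading any
 * protocol bytes, and close the connection on deny. Returns the check
 * result for the accepted connection, or -1 on any socket error. Because
 * client and server are one process, the result is 1 exactly when
 * expected_euid == geteuid(). */
int demo_accept_and_check(const char *path, uid_t expected_euid)
{
    struct sockaddr_un addr;
    int srv = -1, cli = -1, conn = -1, result = -1;

    memset(&addr, 0, sizeof addr);
    addr.sun_family = AF_UNIX;
    if (strlen(path) >= sizeof addr.sun_path)
        return -1;
    strcpy(addr.sun_path, path);
    unlink(path);   /* remove a stale socket file from an earlier run */

    if ((srv = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) goto out;
    if (bind(srv, (struct sockaddr *)&addr, sizeof addr) < 0) goto out;
    if (listen(srv, 1) < 0) goto out;

    /* On AF_UNIX, connect() to a listening socket completes without waiting
     * for accept(), so a single thread is enough for the demo. */
    if ((cli = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) goto out;
    if (connect(cli, (struct sockaddr *)&addr, sizeof addr) < 0) goto out;

    if ((conn = accept(srv, NULL, NULL)) < 0) goto out;

    /* Server side: decide before any X protocol bytes are read. */
    result = peer_euid_allowed(conn, expected_euid);
    if (result != 1) {
        close(conn);    /* deny: the client simply sees EOF */
        conn = -1;
    }
out:
    if (conn >= 0) close(conn);
    if (cli >= 0) close(cli);
    if (srv >= 0) close(srv);
    unlink(path);
    return result;
}

int main(void)
{
    const char *path = "/tmp/xvfb-euid-demo.sock";   /* demo path, not the X11 socket */
    printf("same EUID  -> %d\n", demo_accept_and_check(path, geteuid()));
    printf("other EUID -> %d\n", demo_accept_and_check(path, geteuid() + 1));
    return 0;
}
```

In a real server the check belongs in the accept path, as the message places it in Xtranssock.c, and a -1 (credentials unavailable) must be treated as deny. On the BSDs and macOS the equivalent call is getpeereid() rather than SO_PEERCRED. As the message notes, this does nothing about two users choosing the same DISPLAY number; the second Xvfb simply fails to bind, which is why the "export DISPLAY=:$$" convention is needed alongside it.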