[Bug 1789] On linux use abstract socket for X11 connections if possible

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Fri Jul 2 13:19:18 EST 2010


Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
                 CC|                            |djm at mindrot.org

--- Comment #7 from Damien Miller <djm at mindrot.org>  ---
Isn't the solution for SELinux rules breaking /tmp to fix the SELinux
rules? Abstract sockets look like a complete trainwreck waiting to
happen: a brand new, completely unstructured but shared namespace, with
zero intrinsic security protections (not even filesystem permissions)
where every consumer application must implement security controls
correctly, rather than letting the kernel do it.

At the very least, I think we will wait a while before rushing to add
support for this to OpenSSH.

Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

More information about the openssh-bugs mailing list