From: Havoc Pennington
To: gnome-hackers@gnome.org
Subject: /tmp/.ICE-unix
Date: 16 Sep 2001 01:00:00 -0400

Hi,

I just found an annoying issue that adds 5 seconds to your login
time. If you are seeing the message "mkdir: owner of /tmp/.ICE-unix
should be set to root" then try chowning that directory to root.

Otherwise gnome-session hits this code path in libICE:

    if (updateOwner && !updatedOwner) {
      PRMSG(1, "mkdir: Owner of %s should be set to root\n",
            path, 0, 0);
      sleep(5);
    }
    if (updateMode && !updatedMode) {
      PRMSG(1, "mkdir: Mode of %s should be set to %04o\n",
            path, mode, 0);
      sleep(5);
    }

Anyway, both of my machines had a non-root owner for .ICE-unix. I
don't know how this happens, what the perms are supposed to be, or in
general have any idea at all what is going on. But chowning manually
seems to fix it.

Anyone know what is going on here? Presumably it's a security issue in
addition to causing a sleep(5)...

Havoc

_______________________________________________
gnome-hackers mailing list
gnome-hackers@gnome.org
http://mail.gnome.org/mailman/listinfo/gnome-hackers

From: Alan Cox
To: hp@redhat.com (Havoc Pennington)
Cc: gnome-hackers@gnome.org
Subject: Re: /tmp/.ICE-unix
Date: Sun, 16 Sep 2001 09:30:13 -0400 (EDT)

> I just found an annoying issue that adds 5 seconds to your login
> time. If you are seeing the message "mkdir: owner of /tmp/.ICE-unix
> should be set to root" then try chowning that directory to root.
>
> Otherwise gnome-session hits this code path in libICE:
>
>     if (updateOwner && !updatedOwner) {
>       PRMSG(1, "mkdir: Owner of %s should be set to root\n",
>             path, 0, 0);
>       sleep(5);
>     }
>     if (updateMode && !updatedMode) {
>       PRMSG(1, "mkdir: Mode of %s should be set to %04o\n",
>             path, mode, 0);
>       sleep(5);
>     }
>
> Anyway, both of my machines had a non-root owner for .ICE-unix. I
> don't know how this happens, what the perms are supposed to be, or in
> general have any idea at all what is going on. But chowning manually
> seems to fix it.
>
> Anyone know what is going on here? Presumably it's a security issue in
> addition to causing a sleep(5)...

If it's a security issue sleep(5) is inappropriate it should be exit(1)

From: Seth Aaron Nickell
To: Alan Cox
Cc: Havoc Pennington, gnome-hackers@gnome.org
Subject: Re: /tmp/.ICE-unix
Date: Sun, 16 Sep 2001 18:11:26 -0700

> > Anyone know what is going on here? Presumably it's a security issue in
> > addition to causing a sleep(5)...
>
> If it's a security issue sleep(5) is inappropriate it should be exit(1)

Bullshit. Security is only worthwhile because it helps people maximize
their use of computers (given that security violations result in loss of
some functionality, whether that be privacy or actual data, or just time).
Changing that to "exit(1)" would mean that a lot of people could no longer
use GNOME. We have to start working on the assumption that we will have
users who are not familiar with *nix and the command-line or we have
absolutely no hope of ever creating an environment that is usable by
non-*nix geeks.

Printing the data out to the commandline is also a silly approach. If this
represents a significant security violation, it should pop up a dialogue
warning the user, and offer to fix it (of course prompting for a root
password).

I've seen this on too many systems for exit(1) to be a viable option.
That's a cop-out.

-Seth

From: Liam Quin
To: gnome-hackers@gnome.org
Subject: Re: /tmp/.ICE-unix
Date: Sun, 16 Sep 2001 23:18:49 -0400

On Sun, Sep 16, 2001 at 06:11:26PM -0700, Seth Aaron Nickell wrote:
>>> Anyone know what is going on here? Presumably it's a security issue in
>>> addition to causing a sleep(5)...

Alan Cox pointed out:
>> If it's a security issue sleep(5) is inappropriate it should be exit(1)

And Seth spluttered:
> Bullshit. Security is only worthwhile because it helps people maximize
> their use of computers (given that security violations result in loss of
> some functionality, whether that be privacy or actual data, or just time).

This is the reasoning that led to Microsoft Bob prompting you with your
password if you guessed wrong too many times.

If the ownership is important, bring up a modal dlog box and wait for
the user to say, "OK, run anyway" or something.

If the ownership is not important, why check for it in the first place?

So...
> Printing the data out to the commandline is also a silly approach. If this
> represents a significant security violation, it should pop up a dialogue
> warning the user, and offer to fix it (of course prompting for a root
> password).

Here we agree. Unless maybe even that much access can cause security
problems.

Lee

--
Liam Quin - XML Core staff contact, W3C, http://www.w3.org/People/Quin/
Ankh: irc.sorcery.net www.valinor.sorcery.net irc.gnome.org www.advogato.org
Author, Open Source XML Database Toolkit, Wiley August 2000
Co-author: The XML Specification Guide, Wiley 1999; Mastering XML, Sybex 2001

From: Havoc Pennington
To: Seth Aaron Nickell
Cc: Alan Cox, gnome-hackers@gnome.org
Subject: Re: /tmp/.ICE-unix
Date: 16 Sep 2001 23:37:43 -0400

Seth Aaron Nickell writes:
> Printing the data out to the commandline is also a silly approach. If this
> represents a significant security violation, it should pop up a dialogue
> warning the user, and offer to fix it (of course prompting for a root
> password).
>
> I've seen this on too many systems for exit(1) to be a viable option.
> That's a cop-out.

What would the dialog say? "Hi. Some weird permissions are mangled on
some weird file resulting in ICE authentication insecurity. Please
give your root password to do something you don't understand." ;-)

I don't think so. If it's a security issue (and I think it probably is
- whoever owns the dir can delete everyone else's ICE sockets), then
it's a cop-out if we ever let the situation arise. I think we've let
it arise because people haven't noticed the message or didn't think it
was important, because it doesn't fatally crash. This is an assertion
failure, in other words, it's not an expected error condition. At
least that's my interpretation. I would have put maybe a
g_assert_not_reached() in this spot, not sleep (5).
It represents a system bug.

I feel like there's a gap in my understanding however, because this
code is clearly meant to be run from the session manager, and the SM
is never running as root, and the code thus has no chance of creating
a root-owned directory; so I don't get how any session manager was
ever meant to get this right. Neither GNOME nor KDE appear to handle
this case (KDE has their own cut-and-paste of the ICE code for some
reason, but this piece of the code is unmodified). I don't think the
ancient xsm does anything special either.

We need to track down whoever originally designed this code. ;-)
Sadly all the file says is Open Group and NCR Corporation. ;-)

The same code runs to create /tmp/.X11-unix, for the X server
connections, but I think in that case getting the perms right is done
by the xserver and involves running as root at least part of the time.

Clearly we can't run gnome-session as root. I can imagine plenty of
ways to create that dir with the right permissions before
gnome-session runs, but I am really curious what the Right Way is.

Havoc

From: Maciej Stachowiak
To: Havoc Pennington
Cc: Seth Aaron Nickell, Alan Cox, gnome-hackers@gnome.org
Subject: Re: /tmp/.ICE-unix
Date: Sun, 16 Sep 2001 20:34:31 -0700

On 16Sep2001 11:37PM (-0400), Havoc Pennington wrote:
>
> Seth Aaron Nickell writes:
> > Printing the data out to the commandline is also a silly approach. If this
> > represents a significant security violation, it should pop up a dialogue
> > warning the user, and offer to fix it (of course prompting for a root
> > password).
> >
> > I've seen this on too many systems for exit(1) to be a viable option.
> > That's a cop-out.
>
> What would the dialog say? "Hi. Some weird permissions are mangled on
> some weird file resulting in ICE authentication insecurity. Please
> give your root password to do something you don't understand." ;-)
>
> I don't think so. If it's a security issue (and I think it probably is
> - whoever owns the dir can delete everyone else's ICE sockets), then
> it's a cop-out if we ever let the situation arise. I think we've let
> it arise because people haven't noticed the message or didn't think it
> was important, because it doesn't fatally crash. This is an assertion
> failure, in other words, it's not an expected error condition. At
> least that's my interpretation. I would have put maybe a
> g_assert_not_reached() in this spot, not sleep (5). It represents a
> system bug.

A filesystem condition should never be an assertion failure. It should
always result in an error message explaining what's wrong, and ideally
how to fix it (possibly followed by exiting if the error is not
recoverable, although it's better to degrade gracefully or fix the
problem). The filesystem should be considered untrusted external data.

I have no opinion on the rest of your message (about how to get the
permissions right) because I don't know much about this specific
issue.

Regards,

Maciej
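
Added example, not part of the thread and not libICE code: a directory check that treats the filesystem as untrusted input and reports what is wrong and how to fix it, instead of sleeping or asserting. The names check_socket_dir and dir_status are hypothetical; the expected owner and mode are passed in by the caller, and the mode 01777 used in main() is an assumption.

```c
#define _XOPEN_SOURCE 700               /* lstat() under strict -std=c11 */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical result codes for this example; not part of libICE. */
enum dir_status { DIR_OK, DIR_STAT_FAILED, DIR_NOT_DIR, DIR_BAD_OWNER, DIR_BAD_MODE };

/* Inspect a shared socket directory without following symlinks or sleeping.
 * On failure msg says what is wrong and how to fix it; the caller decides
 * whether to refuse, warn, or continue. want_uid/want_mode are caller policy. */
enum dir_status check_socket_dir(const char *path, uid_t want_uid,
                                 mode_t want_mode, char *msg, size_t len)
{
    struct stat st;
    if (lstat(path, &st) != 0) {
        snprintf(msg, len, "%s: cannot stat: %s", path, strerror(errno));
        return DIR_STAT_FAILED;
    }
    if (!S_ISDIR(st.st_mode)) {         /* symlink, plain file, socket, ... */
        snprintf(msg, len, "%s: exists but is not a directory", path);
        return DIR_NOT_DIR;
    }
    if (st.st_uid != want_uid) {
        snprintf(msg, len, "%s: owned by uid %lu, expected %lu; fix: chown %lu %s",
                 path, (unsigned long)st.st_uid, (unsigned long)want_uid,
                 (unsigned long)want_uid, path);
        return DIR_BAD_OWNER;
    }
    if ((st.st_mode & 07777) != want_mode) {
        snprintf(msg, len, "%s: mode %04o, expected %04o; fix: chmod %04o %s",
                 path, (unsigned)(st.st_mode & 07777), (unsigned)want_mode,
                 (unsigned)want_mode, path);
        return DIR_BAD_MODE;
    }
    msg[0] = '\0';
    return DIR_OK;
}

int main(void)
{
    char msg[256];
    /* Owner root is what the quoted libICE message asks for; mode 01777 is
     * an assumption made for this example. */
    enum dir_status s = check_socket_dir("/tmp/.ICE-unix", 0, 01777, msg, sizeof msg);

    if (s != DIR_OK)
        fprintf(stderr, "%s%s\n", msg, getuid() != 0 ? " (needs root)" : "");
    return s == DIR_OK ? EXIT_SUCCESS : EXIT_FAILURE;
}
```

The result is advisory: the directory can change between this check and later use, so it diagnoses a misconfigured system rather than guaranteeing a safe one.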