Re: [SLE] Permission question
From: Alexandr Malusek (Alexandr.Malusek_at_imv.liu.se)
Date: 01/08/05
To: suse list <suse-linux-e@suse.com>
Date: Sat, 08 Jan 2005 14:58:06 +0100

Donn Washburn <n5xwb@hal-pc.org> writes:

> I guess you have discovered another new headache caused by security.
> While logged in as a user in an xterm or konsole log in as root (su or
> sux), try to execute anything.
>
> Error!
>
> Xlib: connection to ":0.0" refused by server
> Xlib: Invalid MIT-MAGIC-COOKIE-1 key
> myprogram: cannot connect to X server :0.0

There is something wrong with your configuration. "xauth list" may
help you to find out.

> This is another reason that root is not equal to "su" or "sux"

Please, read "man Xsecurity".

> Remember that you have been told you should not be logged in as
> "root". That is evil!

It's an oversimplification.

> Long and short is that SuSE and/or X.org have rigged xlib for
> security (I guess) that root can not share the X server with a user.

It's not true. I'm sorry, I don't have time to explain how it works
(perhaps someone can send a link to a good article).

Anyway, I have one more comment. It's better to formulate problems by
asking questions. People who are not familiar with the topic will
then understand that you are not sure about the correct behavior. If
you write your hypothesis as an "absolute truth" then a huge
confusion among beginners will follow.

> This is similar to the permission problems found in the past with
> xcdroast and a /dev/cdrom. root was told xcdroast was dangerous and
> a user could use the CD but xcdroast would work.

It's also about security but these problems are not related.

-- A.M.
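
Added illustration, not part of the original message and not SuSE or X.org code: a parser for the Xauthority file that "xauth list" displays, used to compare the MIT-MAGIC-COOKIE-1 entry the session owner holds for display :0 with the one a shell started via su would present. It assumes XAUTHORITY is unset after su (so the new user's ~/.Xauthority is read), the hostname "linux", constructed cookie values, and a simplified form of the client library's entry matching; a non-matching cookie is the case the server rejects as an invalid MIT-MAGIC-COOKIE-1 key.

```python
import struct

FAMILY_LOCAL = 256     # FamilyLocal: local display, address field holds the hostname
FAMILY_WILD = 0xFFFF   # FamilyWild: entry applies to any host
MIT_COOKIE = b"MIT-MAGIC-COOKIE-1"

def pack_entry(family, address, number, name, data):
    """Serialize one record; used here only to construct the sample files."""
    return struct.pack(">H", family) + b"".join(
        struct.pack(">H", len(f)) + f for f in (address, number, name, data))

def _take(blob, pos, n):
    if pos + n > len(blob):
        raise ValueError("truncated Xauthority record")
    return blob[pos:pos + n], pos + n

def parse_xauthority(blob):
    """Return [(family, address, display_number, auth_name, auth_data), ...]."""
    entries, pos = [], 0
    while pos < len(blob):
        raw, pos = _take(blob, pos, 2)
        family, fields = struct.unpack(">H", raw)[0], []
        for _ in range(4):  # each field is a big-endian u16 length plus bytes
            raw, pos = _take(blob, pos, 2)
            field, pos = _take(blob, pos, struct.unpack(">H", raw)[0])
            fields.append(field)
        entries.append((family, *fields))
    return entries

def cookie_for(blob, host, display):
    """First MIT-MAGIC-COOKIE-1 entry usable for host:display, else None."""
    for family, addr, num, name, data in parse_xauthority(blob):
        if ((family == FAMILY_WILD or addr == host)
                and num in (b"", display) and name == MIT_COOKIE):
            return data
    return None

def diagnose(session_blob, su_blob, host=b"linux", display=b"0"):
    """Compare the cookie the su'd shell would send with the session's cookie."""
    want = cookie_for(session_blob, host, display)
    have = cookie_for(su_blob, host, display)
    if want is None:
        return "session-has-no-cookie"
    if have is None:
        return "no-cookie"
    return "match" if have == want else "stale-cookie"
# Constructed sample data: hostname "linux", display 0, made-up 16-byte cookies.
SESSION = pack_entry(FAMILY_LOCAL, b"linux", b"0", MIT_COOKIE, bytes(range(16)))
ROOT_STALE = pack_entry(FAMILY_LOCAL, b"linux", b"0", MIT_COOKIE, bytes(16))
```

To run it against real files, pass the bytes of the two .Xauthority files to diagnose(); the function returns only a verdict and never prints the cookie values.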