NetBSD-Bugs archive


Re: kern/58438 (Compatibility issues with per-user-temp [described security(7) man page])



The following reply was made to PR kern/58438; it has been noted by GNATS.

From: "David H. Gutteridge" <david%gutteridge.ca@localhost>
To: RVP <rvp%SDF.ORG@localhost>, gnats-bugs%netbsd.org@localhost
Cc: 
Subject: Re: kern/58438 (Compatibility issues with per-user-temp [described
 security(7) man page])
Date: Thu, 07 Nov 2024 00:47:01 -0500

 On Sat, 2024-11-02 at 08:28 +0000, RVP wrote:
 > OK, this patch seems to work.
 >
 > When xdm is started using the rc(8) framework, setusercontext(3) never
 > gets called (this is only called in xdm _after_ user authentication), so
 > the X server can't start without /private/tmp/0 existing. Do a bogus
 > su(1) in /etc/rc.d/xdm to create this.
 >
 > Next, do the same for each user before _their_ X session is started;
 > _and_ since now X is running as root and the user is not, and there's no
 > shared /tmp anymore, link root's X11 lock-file and socket into the
 > user's per-user /tmp dir.
 >
 > Thankfully, both files are normally world-readable and -writable by
 > default.
 >
 > This is a terrible hack... (note that if you change xdm-config to use a
 > different DisplayManager._0.startup, you'll have to put that hack in the
 > new file.)
 
 Thanks for doing all this!
 
 This makes me wonder if the patch I'd found from nonaka@ existed for
 reasons somewhat like this; if there are various programs that have
 issues here if there's no /private/tmp/0 or what-have-you created
 without recourse to that login trick. Seems like it wouldn't have
 fully helped here, mind you, given the assumptions xdm makes.
 
 Dave
 

