Bug 1789 - On linux use abstract socket for X11 connections if possible
Summary: On linux use abstract socket for X11 connections if possible
Status: NEW
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd (show other bugs)
Version: 6.6p1
Hardware: All All
: P2 enhancement
Assignee: Assigned to nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-06-30 21:05 AEST by jchadima
Modified: 2019-07-23 05:46 AEST (History)
6 users (show)

See Also:


Attachments
patch solving the problem (1.32 KB, patch)
2010-06-30 21:07 AEST, jchadima
no flags Details | Diff
patch solving the problem (1.33 KB, patch)
2010-06-30 23:25 AEST, jchadima
no flags Details | Diff
patch solving the problem (1.36 KB, patch)
2010-06-30 23:28 AEST, jchadima
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description jchadima 2010-06-30 21:05:12 AEST
The abstract socket on linux is independent on the fole system and has no file system representation. This is useful when the selinux rules prevents the /tmp directory. (using namespaces)
Comment 1 jchadima 2010-06-30 21:07:19 AEST
Created attachment 1889 [details]
patch solving the problem
Comment 2 Darren Tucker 2010-06-30 22:51:37 AEST
Comment on attachment 1889 [details]
patch solving the problem

Leaving aside the merits of the rest of the change, this part is trivially broken on any platform that isn't linux since "len" will be undefined:

>+#ifdef linux
>+	int len, ret;
>+#endif
>+	len = snprintf(buf, sizeof buf, _PATH_UNIX_X, dnr);
Comment 3 Darren Tucker 2010-06-30 23:08:05 AEST
also, if snprintf fails it'll call memcpy with a length of -1 (cast to size_t) and probably overwrite something that you'd rather it didn't.
Comment 4 jchadima 2010-06-30 23:25:38 AEST
Created attachment 1890 [details]
patch solving the problem
Comment 5 jchadima 2010-06-30 23:28:41 AEST
Created attachment 1891 [details]
patch solving the problem
Comment 6 jchadima 2010-06-30 23:29:34 AEST
Hoping solved all problems.
Comment 7 Damien Miller 2010-07-02 13:19:16 AEST
Isn't the solution for SELinux rules breaking /tmp to fix the SELinux rules? Abstract sockets look like a complete trainwreck waiting to happen: a brand new, completely unstructured but shared namespace, with zero intrinsic security protections (not even filesystem permissions) where every consumer application must implement security controls correctly, rather than letting the kernel do it.

At the very least, I think we will wait a while before rushing to add support for this to OpenSSH.
Comment 8 jchadima 2010-07-02 17:29:51 AEST
(In reply to comment #7)
> Isn't the solution for SELinux rules breaking /tmp to fix the SELinux
> rules? 

The namespaces create separate /tmp directories for each logged user. (and one for system also). There is no possibily to make system sockets under /tmp


Abstract sockets look like a complete trainwreck waiting to
> happen: a brand new, completely unstructured but shared namespace, with
> zero intrinsic security protections (not even filesystem permissions)
> where every consumer application must implement security controls
> correctly, rather than letting the kernel do it.
> 
> At the very least, I think we will wait a while before rushing to add
> support for this to OpenSSH.

Have you any other idea how safely solve this need?
Comment 9 jchadima 2010-07-02 18:19:39 AEST
(In reply to comment #7)
... namespace, with
> zero intrinsic security protections (not even filesystem permissions)

the file permissions of the whole /tmp/.X11.... is 0777  :D which is IMHO equivalent.
Comment 10 Arkadiusz Miśkiewicz 2014-09-16 23:56:35 AEST
xorg xserver people are interested in abstract sockets support in ssh for connecting to X11 since they plan to disable (and possibly deprecate in future) tcp/unix sockets by default:

http://lists.x.org/archives/xorg-devel/2014-September/043832.html
http://lists.x.org/archives/xorg-devel/2014-September/043816.html
http://lists.x.org/archives/xorg-devel/2014-September/043828.html
Comment 11 rylo 2019-07-23 05:46:23 AEST
Hi jchadima@redhat.com, do you know the status of your patch? We use pam_namespace on Linux to namespace /tmp on multiuser systems and this could help us with X11 forwarding.