From 70b72b2db5e1aab28ca6581b60e810c2c2f42490 Mon Sep 17 00:00:00 2001
From: anholt <anholt@FreeBSD.org>
Date: Wed, 12 Jan 2005 07:18:25 +0000
Subject: Create three additional X socket directories.  Using X applications
 when another user owns these directories or the sticky bit is unset may open
 security holes, so simply create them at startup with the correct owner/mode.

MFC after:	1 day
---
 etc/rc.d/cleartmp | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

(limited to 'etc')

diff --git a/etc/rc.d/cleartmp b/etc/rc.d/cleartmp
index 7bde18b..bacc235 100755
--- a/etc/rc.d/cleartmp
+++ b/etc/rc.d/cleartmp
@@ -14,6 +14,7 @@ name="cleartmp"
 rcvar=`set_rcvar clear_tmp`
 start_cmd="cleartmp_start"
 stop_cmd=":"
+x11_socket_dirs="/tmp/.X11-unix /tmp/.ICE-unix /tmp/.font-unix /tmp/.XIM-unix"
 
 cleartmp_start()
 {
@@ -31,9 +32,9 @@ cleartmp_start()
 load_rc_config $name
 run_rc_command "$1"
 
-# Remove X lock files, since they will prevent you from
-# restarting X
-#
+# Remove X lock files, since they will prevent you from restarting X.
 rm -f /tmp/.X[0-9]-lock
-rm -fr /tmp/.X11-unix
-mkdir -m 1777 /tmp/.X11-unix
+
+# Create socket directories with correct permissions to avoid security problem.
+rm -fr ${x11_socket_dirs}
+mkdir -m 1777 ${x11_socket_dirs}
-- 
cgit v1.1