
Bug 86480

Summary: /tmp/.ICE-unix/ owned by non-root user
Product: [Retired] Red Hat Linux
Reporter: NILMONI DEB <ndeb>
Component: XFree86
Assignee: Mike A. Harris <mharris>
Status: CLOSED ERRATA
QA Contact: David Lawrence <dkl>
Severity: medium
Priority: medium
Version: 9
CC: k.georgiou, mitr, notting
Target Milestone: ---
Target Release: ---
Keywords: Security
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2006-03-09 08:51:12 UTC

Description NILMONI DEB 2003-03-23 20:42:26 UTC
Description of problem: 
As explained in
http://mail.gnome.org/archives/gnome-hackers/2001-September/msg00176.html
the /tmp/.ICE-unix/ has user:user ownership. This makes it a security issue
and also delays the startup of the GUI. This may be due to a libICE bug (
https://listman.redhat.com/pipermail/enigma-list/2002-June/014027.html ) but
the current culprit is the /etc/rc.sysinit script which has these lines:

# Delete ICE locks
rm -rf /tmp/.ICE-unix

Even if the ownership of /tmp/.ICE-unix is changed to root:root, at the next
reboot, this directory is deleted. Now, when X is started, a new
/tmp/.ICE-unix is created with non-root ownership.

The workaround is to have these lines instead in /etc/rc.sysinit:

# Delete ICE locks
rm -rf /tmp/.ICE-unix/*
chown root:root /tmp/.ICE-unix/
 
 
Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. start X
2. check ownership of /tmp/.ICE-unix

Actual results:
Non-root ownership of /tmp/.ICE-unix/

Expected results:
/tmp/.ICE-unix/ should be owned by root:root

Additional info:

Comment 1 NILMONI DEB 2003-05-01 22:49:46 UTC
The same problem is present in Red Hat 9. Can somebody make the small change in
/etc/rc.sysinit and fix this?

Comment 4 Mike A. Harris 2004-06-18 16:37:14 UTC
We're tracking this issue in the upstream bug report:
    http://freedesktop.org/bugzilla/show_bug.cgi?id=306

As Jim indicates in his initial comment, the solution for this is
not immediately obvious.  There are a number of approaches that
could be taken, each one carrying various risks to code stability.

We'll follow the progress upstream on this one, and once it's
resolved there, it will eventually make it into newer Red Hat
OS releases once we integrate newer X.Org X11 releases.

For the time being, we might as well add the following:

# Delete ICE locks 
rm -rf /tmp/.ICE-unix
mkdir -p /tmp/.ICE-unix
chown root:root /tmp/.ICE-unix

While it isn't a real solution, it will likely work well enough
for the most part.



Comment 5 Mike A. Harris 2004-06-18 16:38:07 UTC
Bill: Do the changes I propose above look ok to you?

Comment 6 Bill Nottingham 2004-06-28 20:02:37 UTC
Hm, that almost sounds like something should just own the directory.

Comment 7 Kostas Georgiou 2004-06-28 21:52:05 UTC
You probably also want to add chmod 1777 /tmp/.ICE-unix as well

Comment 8 Bill Nottingham 2004-06-28 22:11:43 UTC
Well, if the directory exists, none of the X code will ever a) remove
it b) change the permissions, correct?


Comment 9 Havoc Pennington 2004-06-29 08:16:03 UTC
If we make the package own the dir, maybe it should move to
/var/run/ICE/ ?


Comment 10 Kostas Georgiou 2004-06-29 09:02:28 UTC
I am not quite sure that it can be moved without breaking existing applications.
It is hardcoded in libICE.* and there are quite a few statically linked X11 applications :(

IMHO it has to be created at boot time under /tmp/.ICE-unix. It's quite common for
admins to replace the /tmp partition without backing up anything (arguably a sysadmin
error) so having a package owning it won't be enough, I am afraid.


Comment 11 Mike A. Harris 2004-06-29 14:43:12 UTC
I don't think it is a good idea to have a package owning files in
/tmp, because by definition, /tmp is temporary and it is legal
to blow it away.  I think it's reasonable to add a kludge to
initscripts to create the dir or fix the perms if it doesn't
exist though, at least until a proper solution is implemented in
a future X.Org release.  Egbert/Jim were working out something
last I saw, but I'm not sure when it's planned to go in. I'll
have to ping them about that.

I think hacking the initscripts will fix the short term problem
mostly "good 'nuff" so to speak.  ;o)
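Putting the reporter's workaround, the snippet from comment 4 and the chmod from comment 7 together, here is an added example (my code, not from the bug report, initscripts or X.Org) of a boot-time check-and-repair for the ICE socket directory. The function names and the idea of passing the directory and owner UID as parameters are my assumptions, so the logic can be exercised on a scratch directory without root.

```shell
#!/bin/sh
# Added example, not code from the bug report or from initscripts: audit and
# repair an ICE socket directory the way the rc.sysinit workaround does, but
# first classify what is at the path so a symlink or a plain file sitting there
# is treated as a problem rather than silently kept (comment 8: X never removes
# or re-perms an existing directory). In production the caller would pass
# /tmp/.ICE-unix and 0; the test below uses a scratch dir and the current uid.

# ice_dir_status DIR OWNER_UID
# Prints one of: symlink, missing, notdir, badowner, badmode, ok
ice_dir_status() {
    dir=${1%/}
    want_uid=$2
    if [ -L "$dir" ]; then
        echo symlink        # a link here would redirect every client's socket
    elif [ ! -e "$dir" ]; then
        echo missing        # e.g. right after rc.sysinit's "rm -rf /tmp/.ICE-unix"
    elif [ ! -d "$dir" ]; then
        echo notdir
    elif [ -z "$(find "$dir" -maxdepth 0 -uid "$want_uid")" ]; then
        echo badowner       # the bug: the first X user ends up owning it
    elif [ -z "$(find "$dir" -maxdepth 0 -perm 1777)" ]; then
        echo badmode        # comment 7: world-writable plus sticky bit expected
    else
        echo ok
    fi
}

# ice_dir_repair DIR OWNER_UID
# Remove whatever is at DIR (stale locks, a symlink, a wrongly owned dir) and
# recreate it with the expected owner and mode 1777, as the initscripts change
# does at boot. Prints the resulting status so callers can log it.
ice_dir_repair() {
    dir=${1%/}
    want_uid=$2
    rm -rf "$dir"           # no trailing slash: removes a symlink itself, not its target
    mkdir -p "$dir"
    chown "$want_uid" "$dir"
    chmod 1777 "$dir"
    ice_dir_status "$dir" "$want_uid"
}
```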


Comment 12 Bill Nottingham 2004-06-29 18:48:08 UTC
Added in initscripts CVS, will be in 7.58-1.

Comment 13 Kostas Georgiou 2004-06-30 09:33:38 UTC
Great, can you please add it in U3 for RHEL as well?

Comment 14 Bill Nottingham 2004-06-30 19:22:28 UTC
Probably not at this time; could be queued for U4, though.

Comment 15 Bill Nottingham 2004-06-30 19:44:49 UTC
Will be in 7.31.15.EL-1 or later, whenever that is released.