Bugtraq mailing list archives
xcrowbar
From: mouse () Collatz McRCIM McGill EDU (der Mouse)
Date: Wed, 11 Jan 1995 13:54:20 -0500
What's xcrowbar, and how does it "turn[] off the authority mechanisms altogether"? In my experience, only clients running on the local host, or the xdm host if the server was started with xdm, can fiddle with the access control mechanisms.
As for only the local host or xdm host being able to "fiddle with the access control mechanism", I highly doubt that the statement is true. X servers (well, at least the distributed ones) don't pay any special attention to whether a client is local or remote.
Then someone's broken things rather severely in the last year or two. Back in the R4 days (which was when I kinda dropped out of touch with current X), the server _did_ pay attention for purposes of access control. The R4 protocol document's description of the SetAccessControl request is SetAccessControl mode: {Enable, Disable} Errors: Access, Value This request enables or disables the use of the access control list at connection setups. The client must reside on the same host as the server and/or have been granted permission by a server-dependent method to execute this request (or an Access error results). Now, of course, the "server-dependent method" could simply be to grant access to all clients, so what you describe would not, technically, be a protocol violation. But go look through mit/server/os/4.2bsd/access.c in the R4 distribution and you'll see that at least back then, it did pay attention; various things call AuthorizedClient(). If you find a server that doesn't, I would recommend sending a critical security bug report to its source (vendor, or the Consortium if you're using Consortium servers). And then pester them until they fix it!
What I do, to get the convenience of "xhost -" without giving up quite as much security, is I run a front-end program [...]I don't suppose the program you run is freely available someplace?
Anonymous ftp to collatz.mcrcim.mcgill.edu, cd /X, do a dir of xconns* and fetch whatever you think looks interesting. (Ask for .gz files if possible, please, to reduce demands on my poor slow netlink....) It really needs work, though. It should do at least minimal monitoring, it should use IDENT, etc.... der Mouse mouse () collatz mcrcim mcgill edu
Current thread:
- Re: Xwindows security? der Mouse (Jan 06)
- Re: Xwindows security? Bennett Todd (Jan 09)
- Re: Xwindows security? Benjamin Fried (Jan 10)
- Re: Xwindows security? Jon Peatfield (Jan 10)
- Re: Xwindows security? Rens Troost (Jan 11)
- Re: Xwindows security? Jon Peatfield (Jan 11)
- Re: Xwindows security? Rens Troost (Jan 11)
- Re: Xwindows security? Jon Peatfield (Jan 11)
- xcrowbar William McVey (Jan 11)
- xcrowbar der Mouse (Jan 11)
- Re: Xwindows security? Dave Kinchlea (Jan 11)
- Re: Xwindows security? Adam Shostack (Jan 11)
- Re: Xwindows security? Darren Reed (Jan 11)
- Re: Xwindows security? Benjamin Fried (Jan 10)
- Re: Xwindows security? Bennett Todd (Jan 09)
- Re: Xwindows security? Jim McCoy (Jan 11)
- Re: Xwindows security? Julian Assange (Jan 13)
- Re: Xwindows security? Timothy Newsham (Jan 11)
- about /usr/etc/chill *Hobbit* (Jan 11)
- mountd keeps vanishing (!) Eric Berggren (Jan 11)
- Re: mountd keeps vanishing (!) Eric Kimminau (Jan 12)
- Re: mountd keeps vanishing (!) Karl Strickland (Jan 12)