Re: X11 cookie hijacker

[okir () MONAD SWB DE (Olaf Kirch)]

On Tue, 03 Nov 1998 18:13:54 +1100, David Dawes wrote:
> I assume from this list that you don't have a real solution?  We've all
> seen the "potential" solutions before.  The problem doesn't still exist
> because nobody cares about it.  It still exists because nobody has, to
> my knowledge, found a real solution to it.

I consider a solution that leaves my X session open to eavesdropping
and manipulation worse than a hack that's advertised as breaking some
minor things but going to go away as soon as a better solution is
found.

Second, not all approaches necessarily break things.

 1.     Unix domain sockets could easily abandoned with, provided
        XOpenConnection clandestinely maps "unix:0" to "localhost:0".
 2.     If making /tmp/.X11-unix mode 711 breaks servers that are not
        setuid root, why not at least protect the ones that are?
        How many X servers typically get installed on a single machine?

AFAIK, most Unix vendors have been able to come up with a solution.
Not a universal one, but one that works for their servers, and
apparently doesn't break XOpenConnection big time.

Olaf
--
Olaf Kirch         |  --- o --- Nous sommes du soleil we love when we play
okir () monad swb de  |    / | \   sol.dhoop.naytheet.ah kin.ir.samse.qurax