Bugtraq mailing list archives

Re: Xwindows security?


From: bf () morgan com (Benjamin Fried)
Date: Tue, 10 Jan 1995 18:20:14 -0500


"wam" == William McVey <wam () cs purdue edu> writes:

    wam> Benjamin Fried wrote:

    Ben> Xhost actually has one advantage, of a sort, over xauth: users
    Ben> of xhost can grant access, and later take that access away.

    wam> You want to be very careful in assuming that because you type
    wam> 'xhost -' that your vulnerability goes away.  All clients (like
    wam> xkey) started when the authority was off are still connected
    wam> and are potentially dangerous.  Additionally, clients (like
    wam> xcrowbar) can be started when no authority is in place that
    wam> turns off the authority mechanisms altogether, thus making the
    wam> 'xhost -' a moot point.

That's a good point.  I really wasn't trying to be an advocate for
xhost, though.  I was pointing out that the xhost model allows for
revocation of access, and xauth (at least when using MIT-MAGIC-COOKIE
access control) does not permit revocation of a user's access.  As you
explain, xhost's ability to revoke access is flawed; however, no such
capability exists at all with MIT-MAGIC-COOKIE.

From what I've read, X11R6's MIT-KERBEROS-5 authorization seems much
better: it lets the user enable and disable access on a per-user basis,
provided you're all running Kerberos 5.  Now if only our vendor(s) supported
R6!

Ben
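The risk William describes, an `xhost -` that does not undo what was granted while access control was off, is easiest to catch before it matters: by checking what the server currently reports. The following script is an added example, not code from the thread, and assumes the standard wording of the `xhost` status line ("access control enabled" / "access control disabled") followed by one granted entry per line; the three sample outputs are constructed rather than captured from a real display.

```sh
#!/bin/sh
# Added example: classify the access state that `xhost` (run with no
# arguments) reports, so an administrator can spot the two situations the
# thread warns about: access control switched off altogether, and host grants
# that a later 'xhost -' will not retroactively revoke from clients that are
# already connected.  The parser reads xhost's text on stdin.
#
# Return codes: 0 = access control on, no host grants
#               1 = access control disabled (any host may connect)
#               2 = access control on, but hosts are currently granted access
#               3 = output not recognised

xhost_audit() {
    state=unknown
    grants=0
    while IFS= read -r line; do
        case "$line" in
            "access control disabled"*) state=disabled ;;
            "access control enabled"*)  state=enabled ;;
            # Address-family prefixes xhost prints for granted entries
            # (assumed format: FAMILY:name, one per line).
            INET:*|INET6:*|LOCAL:*|SI:*) grants=$((grants + 1)) ;;
        esac
    done
    case "$state" in
        disabled)
            echo "WARN: access control is OFF; every host may connect" ;;
        enabled)
            if [ "$grants" -gt 0 ]; then
                echo "WARN: access control on, but $grants host grant(s) present"
            else
                echo "OK: access control on, no host grants"
            fi ;;
        *)
            echo "ERROR: unrecognised xhost output" ;;
    esac
    # Map the findings to a return code usable from scripts or cron.
    [ "$state" = disabled ] && return 1
    [ "$state" = enabled ] && [ "$grants" -gt 0 ] && return 2
    [ "$state" = enabled ] && return 0
    return 3
}

# Constructed sample outputs (not from a real server).
SAMPLE_LOCKED="access control enabled, only authorized clients can connect"
SAMPLE_GRANTS="access control enabled, only authorized clients can connect
INET:workstation.example.com
SI:localuser:ben"
SAMPLE_OPEN="access control disabled, clients can connect from any host"

# Stand-alone run over the samples; on a real display use: xhost | xhost_audit
for s in "$SAMPLE_LOCKED" "$SAMPLE_GRANTS" "$SAMPLE_OPEN"; do
    printf '%s\n' "$s" | xhost_audit || :
done
```

The script only reports state; it deliberately changes nothing, since, as the thread notes, tightening the list afterwards does not disconnect clients that got in while it was open. That is why a non-zero return is worth alerting on rather than silently fixing.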


