Bugtraq mailing list archives

Re: Xwindows security?

From: dougmc () comco com (Doug McLaren)
Date: Wed, 11 Jan 1995 09:24:12 -0600


In article <m0rRwP6-0000o1C%kro.amtp.cam.ac.uk () damtp cambridge ac uk>,
Jon Peatfield  <J.S.Peatfield () amtp cam ac uk> wrote:

| I'd like to add a new authentication mechanism to X which uses Ident (TAP, 
| RFC-931 etc), to check that a user is permitted.  e.g. a server is given a 
| list of allowed user/machine pairs by a program like xhost:
| 
|   (e.g. xhost +fred () jim jam org)
[ ... ]
| Ident is not supposed to be used for authentication I hear people shout.  
| However, X connections should really only be made from machines you trust as 
| otherwise anyone with root access can steal the cookie or pretend to be that 
| user anyway.  I.e. using Ident for this is no worse than admitting that you 
| must trust the remote host is ok anyway.

Yup.  People are gonna start quoting the RFC on you here, pointing at
you and calling you 'Sinner' ...

But the bottom line is that ident is better than nothing -

   xhost fred () jim jam org

is at *least* as good as

      xhost jim.jam.org

It would also be useful if you could combine xhost and xauth - have a
key that's valid only from certain addresses.  The ability to revoke
keys would indeed also be useful ...

Other things that would generally improve X security I think :

 - syslog logging of failed connections, or for the paranoid, all
   connections.  Right now, X11R5 and 6's X server have a '-audit' option
   that allows you to make it print, to STDERR, some log info.  '-audit
   1', the default, lists failed connections only.  I believe '-audit 2'
   lists all connections.  But the problem with this is that it goes to
   STDERR, which is often redirected to /dev/null or just not watched.
   Making it so it's not ignored is not a trivial endeavor.

   Has anybody written a patch to X11R6 to move this logging from STDERR
   to syslogd?  I'd like to do this, but haven't taken the time to see
   how hard it would be (shouldn't be very ...)

 - Default startup scripts that use xauth - excellent idea!
   At school, very few people use xauth - they just use what was given
   to them, and it works, and they don't really care much past that.  If
   they were given stuff that used xauth from day one, they'd use it, and
   it would work, and they wouldn't care much past that either.

 - The ability to give a 'limited power' X key/authorization - this
   would probably NOT be easy to do, but would be very helpful when you
   want to let somebody show you something on your X screen, but don't
   want to let them take over your screen entirely.

Current thread:

Re: Xwindows security?, (continued)
- - - Re: Xwindows security? Julian Assange (Jan 13)
    - Re: Xwindows security? Timothy Newsham (Jan 11)
    - about /usr/etc/chill *Hobbit* (Jan 11)
    - mountd keeps vanishing (!) Eric Berggren (Jan 11)
    - Re: mountd keeps vanishing (!) Eric Kimminau (Jan 12)
    - Re: mountd keeps vanishing (!) Karl Strickland (Jan 12)
    - Re: mountd keeps vanishing (!) Pete Shipley (Jan 14)
    - X Window System security Stephen Gildea (Jan 11)
- Re: Xwindows security? William McVey (Jan 10)
  - Re: Xwindows security? Benjamin Fried (Jan 10)
- Re: Xwindows security? Doug McLaren (Jan 11)
- Re: Xwindows security? der Mouse (Jan 11)
  - xcrowbar Dave Goldberg (Jan 11)
  - xcrowbar/ident for x Nathan Lawson (Jan 11)