Bugtraq mailing list archives
Re: Xwindows security?
From: J.S.Peatfield () amtp cam ac uk (Jon Peatfield)
Date: Wed, 11 Jan 1995 17:20:36 +0000
(2nd attempt, 1st one had finger trouble.)
Jon> One trick you can do with this is to get the X server to run Jon> through all current windows and perform the check again on Jon> their existing connection based on the current rules. A server This is a decent idea, though you'd have to keep state about the user associated with the display connection in the server. If you're going to be keeping this kind of information in the server on a per-connection basis, you may as well keep some sort of token or cookie
You have a choice here. Either cache the information on a per connection basis or rescan all connections. (For each connection you know which host it is to (stored in the TCP layer) and you can just do the Pident lookup again.) Personally I'd prefer to cache the values, memory is cheaper than network bandwidth:-) Yes you could keep a (cookie,host) pair per connection instead but then you still have to distribute them to each host. Cookies work well with NFS shared home directories in small clusters of trusted machines and other cases where you don't have to shunt them over the network. Using Pident saves the cookie pushing and provides most of the features of (cookie,host) pairs. Yes it doesn't work in all cases. E.g. X over DecNet, but I'm sure people can invent tricks to do similar lookups. (Unix-Domain-Sockets can be done for example by a daemon which looks to see who has the other end open.) -- Jon
Current thread:
- Re: Xwindows security? der Mouse (Jan 06)
- Re: Xwindows security? Bennett Todd (Jan 09)
- Re: Xwindows security? Benjamin Fried (Jan 10)
- Re: Xwindows security? Jon Peatfield (Jan 10)
- Re: Xwindows security? Rens Troost (Jan 11)
- Re: Xwindows security? Jon Peatfield (Jan 11)
- Re: Xwindows security? Rens Troost (Jan 11)
- Re: Xwindows security? Jon Peatfield (Jan 11)
- xcrowbar William McVey (Jan 11)
- xcrowbar der Mouse (Jan 11)
- Re: Xwindows security? Dave Kinchlea (Jan 11)
- Re: Xwindows security? Adam Shostack (Jan 11)
- Re: Xwindows security? Darren Reed (Jan 11)
- Re: Xwindows security? Benjamin Fried (Jan 10)
- Re: Xwindows security? Bennett Todd (Jan 09)
- Re: Xwindows security? Jim McCoy (Jan 11)
- Re: Xwindows security? Julian Assange (Jan 13)
- Re: Xwindows security? Timothy Newsham (Jan 11)
- about /usr/etc/chill *Hobbit* (Jan 11)
- mountd keeps vanishing (!) Eric Berggren (Jan 11)