Bugtraq mailing list archives
Re: Xwindows[sic] security?
From: mouse () Collatz McRCIM McGill EDU (der Mouse)
Date: Wed, 11 Jan 1995 14:30:47 -0500
> But the bottom line is that ident is better than nothing -
> xhost fred () jim jam org is at *least* as good as xhost jim.jam.org
Not quite. The former gives a sense of security that may be unjustified. While _you_ will not be taken in, joe-user who doesn't really understand what the deal is with xhost to begin with quite likely will be.
> It would also be useful if you could combine xhost and xauth - have a key that's valid only from certain addresses. The ability to revoke keys would indeed also be useful ...
> Other things that would generally improve X security I think:
> - The ability to give a 'limited power' X key/authorization - this would probably NOT be easy to do, but would be very helpful when you want to let somebody show you something on your X screen, but don't want to let them take over your screen entirely.
Here again, xconns (the front-end program I referred to in a previous note) could be useful. Not as it stands, perhaps, but with a little hacking to make it monitor the X traffic this could be done. (It would also have to be hacked on to make it do something with the authenticator passed by the real client, which it currently ignores.)
I've gotten enough people asking me about this front-end that I'll note here: yes, it's available, but it's not in the form of a cleaned-up distribution, so you may have a little work to do to make it compile. Anonymous ftp to collatz.mcrcim.mcgill.edu (132.206.78.1), cd /X, dir xconns*, and fetch whatever looks interesting. (Please ask for .gz files if you have gunzip - be kind to my poor slow netlink....)
der Mouse
mouse () collatz mcrcim mcgill edu