Bugtraq mailing list archives

Re: Xwindows[sic] security?


From: mouse () Collatz McRCIM McGill EDU (der Mouse)
Date: Wed, 11 Jan 1995 14:30:47 -0500


But the bottom line is that ident is better than nothing -

   xhost fred@jim.jam.org
is at *least* as good as
   xhost jim.jam.org

Not quite.  The former gives a sense of security that may be
unjustified.  While _you_ will not be taken in, joe-user who doesn't
really understand what the deal is with xhost to begin with quite
likely will be.

It would also be useful if you could combine xhost and xauth - have a
key that's valid only from certain addresses.  The ability to revoke
keys would indeed also be useful ...

Other things that would generally improve X security I think :

 - The ability to give a 'limited power' X key/authorization - this
   would probably NOT be easy to do, but would be very helpful when
   you want to let somebody show you something on your X screen, but
   don't want to let them take over your screen entirely.

Here again, xconns (the front-end program I referred to in a previous
note) could be useful.  Not as it stands, perhaps, but with a little
hacking to make it monitor the X traffic this could be done.  (It would
also have to be hacked on to make it do something with the
authenticator passed by the real client, which it currently ignores.)

I've gotten enough people asking me about this front-end that I'll note
here: yes, it's available, but it's not in the form of a cleaned-up
distribution, so you may have a little work to do to make it compile.
Anonymous ftp to collatz.mcrcim.mcgill.edu (132.206.78.1), cd /X, dir
xconns*, and fetch whatever looks interesting.  (Please ask for .gz
files if you have gunzip - be kind to my poor slow netlink....)

                                        der Mouse

                            mouse () collatz mcrcim mcgill edu
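
The combined xhost/xauth check suggested in the message above, as an added illustration that is not part of the original post and is not X server or xconns code: a toy Python model in which a key is accepted only from listed addresses and can be revoked on its own. The class and method names and the sample addresses are assumptions constructed for this example.

```python
import hmac
import ipaddress
import secrets


class KeyStore:
    """Toy model of a display's access check (hypothetical, not real X code)."""

    def __init__(self):
        self._keys = {}  # key bytes -> networks the key may be used from

    def issue(self, allowed_networks):
        """Create a random key that is valid only from the given networks."""
        key = secrets.token_bytes(16)
        self._keys[key] = [ipaddress.ip_network(n) for n in allowed_networks]
        return key

    def revoke(self, key):
        """Drop one key; other keys and their holders are unaffected."""
        self._keys.pop(key, None)

    def check(self, presented, peer_addr):
        """Accept only if the key is live AND the peer address is listed for it."""
        peer = ipaddress.ip_address(peer_addr)
        allowed = False
        for key, nets in self._keys.items():
            # Constant-time comparison so timing does not leak key bytes.
            if hmac.compare_digest(key, presented) and any(peer in n for n in nets):
                allowed = True
        return allowed


def demo():
    """Run the four cases on constructed sample addresses (documentation ranges)."""
    store = KeyStore()
    key = store.issue(["192.0.2.0/24"])
    results = {
        "right key, listed address": store.check(key, "192.0.2.10"),
        "right key, other address": store.check(key, "198.51.100.7"),
        "wrong key, listed address": store.check(b"\x00" * 16, "192.0.2.10"),
    }
    store.revoke(key)
    results["revoked key, listed address"] = store.check(key, "192.0.2.10")
    return results


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accept' if ok else 'reject'}")
```

The address test here is only as trustworthy as the peer address the transport reports, so it narrows where a leaked key is usable rather than replacing the key.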


