Re: bind() Security Problems

[baba () beckman uiuc edu (Baba Z Buehler)]

General Scirocco <sciri () newhackcity net> writes:

>         Cracking the MIT-MAGIC-COOKIE-1 authorization protocol.
>
> 1) Auth-data is generated from 16 successive random numbers.
>    MIT-MAGIC-COOKIE-1 can use 2 different methods of seeding the random
>    number generator:
>
>         a) Using the process ID of xdm client & time of day in seconds
>         b) Using the time of day in seconds & time of day in microseconds
>            (that connection was established).

I believe that xdm is what is generating the cookies in these ways... this is
why my login scripts make my cookies...


 randomkey=$( (ps -aewl;netstat -i;netstat -t;date) | md5 );
 xauth add $(hostname)/unix:0 . $randomkey
 xauth add $(hostname):0 . $randomkey
 unset randomkey


While generating more secure cookies, this still doesn't prevent sniffing and
hijacking.

b
--
# Baba Z Buehler - 'Hackito Ergo Sum'
# Beckman Institute Systems Services, Urbana Illinois
#
#  "I only use my gun when kindness fails"
#                                -- Robert Earl Keen, Jr.
#
# PGP public key on WWW homepage and key servers (key id: C13D8EE1)
# WWW: http://www.beckman.uiuc.edu/~baba/