Re: Xwindows security?
der Mouse (mouse@Collatz.McRCIM.McGill.EDU)
Wed, 11 Jan 1995 10:33:09 -0500
>> Xhost actually has one advantage, of a sort, over xauth: users of
>> xhost can grant access, and later take that access away.
> You want to be very careful in assuming that because you type
> 'xhost -' that your vulnerability goes away. [...existing
> connections are undisturbed...] Additionally, clients (like
> xcrowbar) can be started when no authority is in place that turns off
> the authority mechanisms altogether, thus making the 'xhost -' a moot
> point.
What's xcrowbar, and how does it "turn[] off the authority mechanisms
altogether"? In my experience, only clients running on the local host,
or the xdm host if the server was started with xdm, can fiddle with the
access control mechanisms.
In any case, yes, it's true that "xhost -" doesn't magically mean
you're safe again. What I do, to get the convenience of "xhost -"
without giving up quite as much security, is I run a front-end program
that accepts connections, replaces the authentication in the startup
exchange with saved info that the server will accept, and also
maintains a window displaying a list of the connections (currently just
host addresses, but it could be modified to display user names if the
remote host supports IDENT). My program currently doesn't, but could,
monitor the X request/reply stream and take arbitrary action (freeze
the connection, alert me, pop up an interactive protocol debugger
window) if it sees something questionable, like a client selecting for
keystrokes on a window it didn't create.
der Mouse
mouse@collatz.mcrcim.mcgill.edu