Re: Xwindows security?
Rens Troost (rens@imsi.com)
Wed, 11 Jan 1995 12:00:48 -0500
>>>>> "Jon" == Jon Peatfield <J.S.Peatfield@amtp.cam.ac.uk> writes:
Jon> It is a little better as you don't have to copy arround cookies
Jon> (usually done in very insecure ways) and all the authentication
Jon> is done in the X server rather than just trusting anyone who
Jon> has got a copy of the cookie. You can also revoke a
Jon> (user,host) pair at the server end once you have finished using
Jon> that machine.
I see your point; the functionality looks better. But the actual
security is still at the level of trusting the host.
Jon> One trick you can do with this is to get the X server to run
Jon> through all current windows and perform the check again on
Jon> their existing connection based on the current rules. A server
This is a decent idea, though you'd have to keep state about the user
associated with the display connection in the server. If you're going
to be keeping this kind of information in the server on a
per-connection basis, you may as well keep some sort of token or
cookie
Jon> The actual code to do an Ident based checker is pretty small,
Jon> not much more than the size of the current cookie checker and
Jon> generator. Not *much* more complex.
Authentication is now moved to an external process on a different
machine possibly at a different site. Again, this gives a very nice
paradigm for managing authorization, but I do not see how it can be
said in any way to provide authentication.
Jon> I don't see how multiple cookies would help unless you generate
Jon> a different one for each host and require a (cookie,host) pair
Jon> to match.
one for each (host, user), actually. Yes, cookie distribution remains
a problem.
Jon> encrypted system (like say krb5) could be much better if done
Yeah, clearly. kerberos is so heavyweight, though that few sites end
up installing it. Perhaps a pgp-based thing would catch on more. No
gnarly key distribution architecture needed.
-Rens