- Path: sparky!uunet!ogicse!uwm.edu!rpi!usc!noiro.acs.uci.edu!unogate!stgprao
- From: stgprao@xing.unocal.com (Richard Ottolini)
- Newsgroups: comp.windows.x
- Subject: Re: X Window Security
- Message-ID: <1992Jul30.154314.9311@unocal.com>
- Date: 30 Jul 92 15:43:14 GMT
- Article-I.D.: unocal.1992Jul30.154314.9311
- References: <1992Jul30.124558.24089@cscs.ch>
- Sender: news@unocal.com (Unocal USENET News)
- Organization: Unocal Corporation
- Lines: 22
- Originator: stgprao@xing
-
- In article <1992Jul30.124558.24089@cscs.ch> giordano@tamaro.cscs.ch (Silvia Giordano) writes:
- >Hello folks.
- >I would like to get your opinions and experiences about X Window
- >traffic. We are receiving many requests to open X Window traffic in
- >an unrestricted way. The opinion of the Network&Security group at
- >our Supercomputer Centre is that this represents a definite security
- >hole since X Window is not considered to be a safe product (e.g. use
- >of not privileged TCP ports, weak X11R4 security design and so on).
- >
- >Could someone give me more info on X Window System security? I read the
- >tutorial by Dennis Sheldrick and it explained the above well enough for me,
- >but I don't know any X installation filtering X access for security.
- >Isn't there an X-Window technical conference on security topic?
- >Isn't there anyone having experiences with X Window System security?
- >What is the policy implemented at your centre? Did you have negative
- >experiences with unrestricted X Window traffic?
-
- Basically there is no security unless you have explicitly turned it on.
- It is not too hard to write a little daemon to eavesdrop on someone's xterm
- session or insert keystroke events into someone's xterm. For example,
- window managers use event interception to implement their features.
- I am surprised so few serious hacks have been reported so far.
-
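
An added example, not part of the original post: one way to check whether access control has been "turned on" for a display is to classify what `xhost` prints for it. The function name `audit_xhost`, the verdict words and the sample outputs (constructed, with hypothetical host and user names) are this example's own.

```shell
#!/bin/sh
# Added example: classify `xhost` output read on stdin.
# Verdicts printed:
#   open       - access control disabled; any host can connect to the display
#   hostbased  - enabled, but whole hosts are trusted (every user on them)
#   restricted - enabled with no host-wide entries (cookie or per-user only)
#   unknown    - the status line was not recognised
audit_xhost() {
    state=unknown
    hosts=0
    # `|| [ -n "$line" ]` keeps a final line that lacks a trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            "access control disabled"*) state=open ;;
            "access control enabled"*)  state=enabled ;;
            "")                         ;;  # blank line
            SI:localuser:*)             ;;  # grant to one local user only
            *) hosts=$((hosts + 1))     ;;  # INET:, LOCAL:, bare hostname...
        esac
    done
    case "$state" in
        open)    echo open ;;
        enabled) if [ "$hosts" -gt 0 ]; then echo hostbased
                 else echo restricted; fi ;;
        *)       echo unknown ;;
    esac
}

# Constructed sample outputs (hypothetical host and user names).
SAMPLE_OPEN='access control disabled, clients can connect from any host'
SAMPLE_HOSTS='access control enabled, only authorized clients can connect
INET:build01.example.org
SI:localuser:alice'
SAMPLE_USER='access control enabled, only authorized clients can connect
SI:localuser:alice'

for sample in "$SAMPLE_OPEN" "$SAMPLE_HOSTS" "$SAMPLE_USER"; do
    printf '%s\n' "$sample" | audit_xhost
done
```

On a live display the same function can be fed with `xhost | audit_xhost`; a `hostbased` verdict means every user on each listed host can connect to the display.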