Re: Taking over vnc, vnc-doc. Also xdm information request.
Marcus Brinkmann wrote:
> although I don't understand what it is doing, it is working quite good now.
X11 magic cookies are usually generated when a user logs in, XDM
copies them to the ~user/.Xauthority file which is supposed to
be readable only by the user. The server also knows the cookie's
The idea is that each X11 client which connected to the X server
proves that he can read your .Xauthority file by sending the cookie (or
some variation on it, so people can't sniff it from the net).
Since the cookie is (hopefully) very random there is very little
chance that an imposter will be able to guess it.
More than one cookie can be stored in each file, and they are
associated with a particular display. The X server disntinguishes
between the UNIX-domain socket (the one used in ":0.0") and the
TCP port 6000 socket (the ones used when giving a hostname),
that's why you have to copy the cookie twice - once for each display
you might use.
> Now that I don't have any problems, could you probably drop me a few lines
> what it is about xauth... Maybe you even want to post it on debian-user, as
> I think it is an important issue but most people do something like host
> authorization etc... if I have understood it, I would volunteer to write a
> few things for the Debian Faq-o-matic.
Thanks. Hope it's OK with you that I simply send a copy to
debian-user, I'm not subscribed to that list (I hardly manage to
follow debian-devel, and this is just because as a package
maintainer I am obliged to subscribe to it).
> Now to the quote above: Xvnc is using a single password for authorization.
> The startup scripts uses the above lines I do not understand. Later a viewer
> client can connect to the server via TCP, only giving the password stored in
> a file readable by the server. I don't think that this is a very elegant
> solution, but I'm afraid that there is not much we can do about it...
I haven't peeped into vnc yet so I don't knw exactly the context in
which this script runs. The basic thing is that it uses xauth (the
authority file management program) to add new cookies to the
.Xauthority file (or whatever file the XAUTHORITY envariable
points to). BTW, you better use something more random for the
seed, like (from the perlfunc manual):
srand (time ^ $$ ^ unpack "%L*", `ps axww | gzip`);
read the srand section in perlfunc for more detail. Using the
SUM of the pid and time is not random enough since a proximate
guess is pretty easely obtainable (anyone knows what's the time,
and pid's can be aproximated from current pid lists). You might
also want to look at the debian archives for even better random
number generators, or use Linux' /dev/urandom.
--Amos Shapira | "Of course Australia was marked for
| glory, for its people had been chosen
email@example.com | by the finest judges in England."
| -- Anonymous
To UNSUBSCRIBE, email to firstname.lastname@example.org
with a subject of "unsubscribe". Trouble? Contact email@example.com