[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#4233: startx does not initialize X cookies

Package: xbase
Version: 3.1.2-9

The startx script does not initialize the X Magic Cookies when
X is started up.  This can be a significant security hole.

I would suggest adding a line like

xauth add :0 . `dd if=/dev/urandom count=1 bs=16 | md5sum`

to startx (ok, so md5sum is merely the fastest way to get
a correctly formatted string - possibly od can be persuaded with
the right options, or somebody can write a Perl script).
Thomas Koenig, Thomas.Koenig@ciw.uni-karlsruhe.de, ig25@dkauni2.bitnet.
The joy of engineering is to find a straight line on a double
logarithmic diagram.

Reply to: