Bug#4233: startx does not initialize X cookies

To: submit@bugs.debian.org
Subject: Bug#4233: startx does not initialize X cookies
From: Thomas Koenig <ig25@mvmampc66.ciw.uni-karlsruhe.de>
Date: Thu, 22 Aug 1996 16:57:13 +0200 (MET DST)
Message-id: <[🔎] 199608221457.QAA03695@mvmap66.ciw.uni-karlsruhe.de>
Reply-to: Thomas Koenig <ig25@mvmampc66.ciw.uni-karlsruhe.de>, 4233@bugs.debian.org

Package: xbase
Version: 3.1.2-9

The startx script does not initialize the X Magic Cookies when
X is started up.  This can be a significant security hole.

I would suggest adding a line like

xauth add :0 . `dd if=/dev/urandom count=1 bs=16 | md5sum`

to startx (ok, so md5sum is merely the fastest way to get
a correctly formatted string - possibly od can be persuaded with
the right options, or somebody can write a Perl script).
-- 
Thomas Koenig, Thomas.Koenig@ciw.uni-karlsruhe.de, ig25@dkauni2.bitnet.
The joy of engineering is to find a straight line on a double
logarithmic diagram.

Reply to:

Follow-Ups:
- Bug#4233: startx does not initialize X cookies
  - From: Guy Maor <maor@ece.utexas.edu>

Prev by Date: Bug#4232: bison dumps core
Next by Date: Bug#4234: errors in /usr/man/man8/make-kpkg.8
Previous by thread: Bug#4232: bison dumps core
Next by thread: Bug#4233: startx does not initialize X cookies
Index(es):
- Date
- Thread