Re: a small C program to test xdm's /dev/mem reading on your architecture
[Apologies to readers of debian-sparc, who have already received a copy of this]
In article <m2n.s.17jRyafirstname.lastname@example.org> email@example.com writes:
>/dev/random? /dev/urandom? You are kidding. This randomness is used
>to create authorisation cookies for X which in my understanding provide
>ZERO security. Use plain libc rand() and the security is exactly the same.
In the situation where the X session is in practice running over unix
sockets (or other configurations where all the data stays local to the
machine without being vulnerable to network (or other) sniffing
attacks), the cookies in question provide the security that they were
designed for - namely requiring a significant proportion of the space
available to said cookies to be trawled to be able to send
authenticated requests to the X server.
 Although, said server may be listening for TCP/IP connections, or
those of other protocols to which the attacker can send their
 Having looked at the code, it is not obvious to me that the
entropy produced in said cookies doesn't have a maximum of 32 bits,
even if the cookie is longer than that.
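
Added example, not part of the original message and not xdm's code: it illustrates the entropy point above, that a cookie can be no less predictable than the seed it is derived from, however long the cookie is. The generator (a 32-bit LCG), the 16-byte cookie length and all function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define COOKIE_LEN 16      /* assumed cookie length: 128 bits */
#define MAX_SEED_BITS 12   /* kept small so the demo runs instantly */

/* Hypothetical stand-in generator (a 32-bit LCG), not xdm's code:
 * its entire state is fixed by one 32-bit seed. */
static uint32_t lcg_next(uint32_t *s) {
    *s = *s * 1664525u + 1013904223u;
    return *s;
}

/* Fill a 16-byte cookie from four successive generator outputs. */
void make_cookie(uint32_t seed, uint8_t out[COOKIE_LEN]) {
    uint32_t s = seed;
    for (int i = 0; i < COOKIE_LEN; i += 4) {
        uint32_t w = lcg_next(&s);
        out[i] = (uint8_t)(w >> 24); out[i + 1] = (uint8_t)(w >> 16);
        out[i + 2] = (uint8_t)(w >> 8); out[i + 3] = (uint8_t)w;
    }
}

static uint8_t table[1u << MAX_SEED_BITS][COOKIE_LEN];

static int cmp_cookie(const void *a, const void *b) {
    return memcmp(a, b, COOKIE_LEN);
}

/* Number of distinct cookies reachable when the seed has seed_bits of
 * entropy; returns 0 if seed_bits exceeds what this demo tabulates. */
unsigned distinct_cookies(unsigned seed_bits) {
    if (seed_bits > MAX_SEED_BITS) return 0;
    unsigned n = 1u << seed_bits, uniq = 1;
    for (unsigned i = 0; i < n; i++) make_cookie(i, table[i]);
    qsort(table, n, COOKIE_LEN, cmp_cookie);
    for (unsigned i = 1; i < n; i++)
        if (memcmp(table[i - 1], table[i], COOKIE_LEN) != 0) uniq++;
    return uniq;
}

int main(void) {
    for (unsigned b = 4; b <= MAX_SEED_BITS; b += 4)
        printf("seed bits %2u -> %u distinct %d-bit cookies\n",
               b, distinct_cookies(b), COOKIE_LEN * 8);
    return 0;
}
```

The count of reachable cookies tracks the seed width, not the 128-bit cookie width, which is why the seed source matters more than the cookie length.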