[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: a small C program to test xdm's /dev/mem reading on your architecture

[Apologies to readers of debian-sparc, who have already received a copy of this]

In article <m2n.s.17jRya-000tc0@chiark.greenend.org.uk> rz@linux-m68k.org write:
[XDM randomness]
>/dev/random? /dev/urandom? You are kidding. This randmomness is used 
>to create authorisation cookies for X which in my understanding provide 
>ZERO security. Use plain libc rand() and the security is exactly the same.

 In the situation where the X session is in practice running over unix
sockets (or other configurations where all the data stays local to the
machine without being vulnerable to network (or other) sniffing
attacks)[1], the cookies in question provide the security that they were
designed for - namely requiring a significant proportion of the space
available to said cookies to be trawled to be able to send
authenticated requests to the X server.[2]


[1] Although, said server may be listening for tcpip connections, or
those of other protocols to which the attacker can send their

[2] Having looked at the code, it is not obvious to me that the
entropy produced in said cookies doesn't have a maximum of 32 bits,
even if the cookie is longer than that.

Reply to: