
Re: Strange X11 Assertion

Philip Thiem <witwerg@icequake.net> writes:

> Thanks for the clarification.  I had posted that I thought it was FUD,
> but my language
> was _too_ strong.  Yeah, that makes sense, but it was presented to me
> on such a wide scale,
> that it didn't make sense to me.  

The key is that random users shouldn't be allowed to connect to an
Xserver.  At a minimum you should be set up to use MIT-MAGIC-COOKIE,
which is essentially a shared secret.  If you are using host-based
authentication (e.g. `xhost myhost`) then anyone on the authorized hosts
can connect.  If you do `xhost +` then everyone can connect.

> Would it be correct that this is about as severe,
> as having a root user at all?  (Because the root password could be set
> to empty and then /proc/mem used
> to intercept other programs).  An issue, but a manageable one (use a
> real password).

Probably a little less severe.  If an unwanted user connects to the
xserver, they have probably only compromised the actual user of that
Xserver, not root.  Even though the Xserver runs as root it shouldn't
allow users to fork/exec new processes or edit files.  So the unwanted
user can capture info from the actual user, and _maybe_ use XTEST to
launch a process on behalf of the actual user, but would need to use
some other mechanism to extend the compromise to other accounts.

As mentioned above, the solution is to make sure that unwanted users
cannot connect to the X server.  Make sure authorization is set up
and use xauth rather than xhost.


/*  Dale Southard Jr.  dsouth@llnl.gov  925-422-1463 fax 422-9429  */
/*  Computer Scientist, Advanced Simulation and Computing Program  */
/*  L-073,  Lawrence Livermore National Lab,  Livermore CA  94551  */
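
An added example, not part of the original message: a small check that classifies the text printed by `xhost` (run with no arguments) into the three cases the reply describes. The function name audit_xhost and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Classify `xhost` output read from stdin and print one verdict line.
# audit_xhost is a hypothetical helper name, not part of any X11 tool.
audit_xhost() {
    awk '
        # "xhost +" state: the host list no longer matters.
        /^access control disabled/ { open = 1; next }
        /^access control enabled/  { next }
        # Server-interpreted local-user entries name one local account,
        # not a whole host, so they are tracked separately.
        /^SI:localuser:/           { users = users " " $1; next }
        # Anything else (INET:, INET6:, LOCAL:, ...) authorizes every
        # user on that host.
        NF                         { hosts = hosts " " $1 }
        END {
            if (open)       print "OPEN: access control disabled, any client can connect"
            else if (hosts) print "HOST-BASED:" hosts
            else if (users) print "LOCAL-USER:" users
            else            print "COOKIE-ONLY: no xhost entries, clients need a valid xauth entry"
        }'
}

# Constructed sample outputs (not captured from a real server).
sample_open='access control disabled, clients can connect from any host
INET:myhost'
sample_host='access control enabled, only authorized clients can connect
INET:myhost
SI:localuser:alice'
sample_cookie='access control enabled, only authorized clients can connect'

for s in "$sample_open" "$sample_host" "$sample_cookie"; do
    printf '%s\n' "$s" | audit_xhost
done

# On a live display:  xhost | audit_xhost
```

Any verdict other than COOKIE-ONLY means the host list is widening access beyond the shared secret held in the user's .Xauthority file.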
