Re: Xorg: Security past client auth.
On Sun, Jun 10, 2012 at 12:03 PM, Mike Mestnik
> To be honest I can't say one way or another about weather there are
> security issues in X if one has malicious clients connected.
> However I'm not having success discussing these matters over at
> email@example.com. I'm not the most likable person and I've even
> recently discovered that there a ppl who won't hesitate to pick on me.
> I can understand why ppl don't like me and that I have issues correctly
> expressing myself, even so I belive that what I'm trying to say is
> important. I believe that a discussion and perhaps further
> documentation on the security of X and more importantly the future
> security of X is overdue.
> For the purposes of this discussion I'd like to use a vary loose
> definition for malicious clients, to include any client running on a
> remote(from the X server) system. I believe that any system can be
> compromised and thus unknowingly be running a rootkit. There should be
> layers of security that would limit the effectiveness of such an attack.
> I belive doing so will cause Malicious Programmers and Users to be less
> likely to develop and deploy rootkits that have hooks into xclients to
> attack remote X servers.
> Therefore it's my assumption that a lack of security in this area would
> make the once Network Transparent Windows System, less useful over any
> network and promote the spread of any type of rootkit.
> This started after I read A LWN article about the story of the XInput
> multitouch extension. It seams that this extension may leak sensitive
> information to malicious clients.
> 1. http://lwn.net/Articles/485484/
> I wanted to discuss the issue with the grater X community, believing
> that what code to accept and reject as patches was indeed on-topic for
> firstname.lastname@example.org I posted over there first.
> 2. http://lists.x.org/archives/xorg-devel/2012-June/031561.html
> I was eventually moderated and have lost my ability to speak in that
> forum. This alone tells me that I need to keep trying, there is
> obviously some form of oppression going on here as me myself have been
By default, the Debian X packages launch with "-nolisten tcp" to avoid
the inherent issues in xorg's tcp implementation. You can however
still access remote X via ssh or other more secure means.
Actions speak loader than words, so if you can demonstrate the
weakness some existing unfixed issue, then by all means, that is a
much better way to communicate your message.