Re: Xwindows security?

[bet () std sbi com (Bennett Todd)]

> However, this is not really a problem.  X contains authorization
> mechanisms [....]  As is so often the case, the way to attack this problem
> is by educating people, thus making them understand why they want to be
> careful and what mechanisms are available to allow them to do so, rather
> than imposing technical restrictions that are easy to get around and, since
> they don't teach anyone _why_ they're there, just incite people to do so.

I don't really entirely disagree here, but I think "educating people" is
only part of the process of convincing management to allow you to make a
change (and demo programs like the recently-posted "xkey" are great for this
purpose); the actual change I think is best made by automating it. Don't try
to convince all your users to set up xauth(1); that's a hideous job, made
vastly harder than it should be by the cryptic documentation, and the lack
of a secure standard cookie generator. Instead fix the standard startup
script that users invoke, so that they begin running with proper
authentication. There's still some education involved; you've gotta also
develop suitable tools for helping them pass cookies around wherever they
need to, and teach them how to use them; but I think the bulk of the job
lies in automating the setup and use of Xauthority so it's no additional
bother for users.

-Bennett
bet () sbi com

P.S. For completeness, here's my current cookie generator. I invoke it as
"randstuff 32 HEX" to generate a key suitable for MIT-MAGIC-COOKIE-1.

#!/usr/local/bin/perl

# This is a joint development project. People have contributed tips from all
# over; please forgive me (and let me know!) if you aren't mentioned below.
# But the basic concept came from Larry Wall, the first major attempt at an
# implementation came from Bennett Todd, then Larry Wall came back with more
# bugfixes and enhancements than there were actual lines of code. Since then
# other people have contributed tweaks and enhancements. Additional helpful
# ``noise'' commands have been contributed by Brian Ward.

($progname=$0)=~s#.*/##;
$syntax="syntax: $progname [-n] [len [printable|all|hex|HEX]]\n";
require 'getopts.pl';
&Getopts('n') || die $syntax;

defined($max = shift)      || ($max = 8);
defined($alphabet = shift) || ($alphabet = 'printable');
($#ARGV == -1)             || die $syntax;

domain: {
        $_ = $alphabet;
        /^printable$/ && do { $chars = pack("C*", (32 .. 126)); last domain; };
        /^all$/ && do       { $chars = pack("C*", ( 0 .. 255)); last domain; };
        /^hex$/ && do       { $chars = "0123456789abcdef";      last domain; };
        /^HEX$/ && do       { $chars = "0123456789ABCDEF";      last domain; };
        die $syntax;
};

@chars = split('', $chars);

@randstring = split('', &randbits($max));

foreach $i (@randstring) {
        print $chars[ord($i) % $#chars];
}

print "\n" unless $opt_n;

exit 0;

sub randbits {
        local($nbytes) = @_;
        local(*_, $noise, $buf, $limit, $discard, $newlen);

        # Here's the big non-portability. This command works really well on
        # Sun workstations running SunOS; on other platforms, root around for
        # commands that report lots of detailed OS internals state, plus a
        # compressor or other program to smear the bits about.
        $noise = '(ps -agxlww;pstat -afipSsT;free;cat /proc/net/dev)2>/dev/null|compress';

        # Run the noise command; in case it croaks, slap on whatever other state we
        # can conveniently (portably) find.
        $buf = `$noise` . $$ . getppid() . time . join('', %ENV);

        # Gotta have enough bits for at least one good fold.
        $limit = int(length($buf)/2);
        die "Insufficient random state; try less than $limit\n" if $nbytes > $limit;

        # Get Perl to treat ^ as bit-string op
        $discard = vec($buf, 0, 8);

        # Now fold the noise down by repeated xor, halving the buffer until it's but
        # little bigger than xauth(1) wants.
        while (length($buf) >= $nbytes*2) {
                $newlen = int((length($buf) + 1) / 2);
                $buf = (substr($buf, 0, $newlen) ^ substr($buf, $newlen, $newlen));
        }

        # Final fold may turn in some nulls, but fits it exactly to $nbytes without
        # discarding any bits.
        substr($buf, 0, $nbytes) ^ substr($buf, $nbytes, $nbytes);
}