Bugtraq mailing list archives
Re: Xwindows security?
From: bf () morgan com (Benjamin Fried)
Date: Tue, 10 Jan 1995 13:10:45 -0500
"Bennett" == Bennett Todd <bet () std sbi com> writes:
[...] Bennett> Don't try to convince all your users to set up xauth(1); Bennett> that's a hideous job, made vastly harder than it should be Bennett> by the cryptic documentation, and the lack of a secure Bennett> standard cookie generator. Instead fix the standard startup Bennett> script that users invoke, so that they begin running with Bennett> proper authentication. There's still some education Bennett> involved; you've gotta also develop suitable tools for Bennett> helping them pass cookies around wherever they need to, and Bennett> teach them how to use them; but I think the bulk of the job Bennett> lies in automating the setup and use of Xauthority so it's Bennett> no additional bother for users. I agree wholeheartedly, especially that better tools are needed to make it easy for users to pass around the keys to their display. Xhost actually has one advantage, of a sort, over xauth: users of xhost can grant access, and later take that access away. Xauth doesn't permit this: there's no way to revoke a key to your display. You've got to restart the X server. Once you've given a key to someone, you can't take it away. What's needed is a way to dynamically create new, different keys for your display, and to be able to tell the X server to individually enable and disable them. Ben
Current thread:
- Re: Xwindows security? der Mouse (Jan 06)
- Re: Xwindows security? Bennett Todd (Jan 09)
- Re: Xwindows security? Benjamin Fried (Jan 10)
- Re: Xwindows security? Jon Peatfield (Jan 10)
- Re: Xwindows security? Rens Troost (Jan 11)
- Re: Xwindows security? Jon Peatfield (Jan 11)
- Re: Xwindows security? Rens Troost (Jan 11)
- Re: Xwindows security? Jon Peatfield (Jan 11)
- xcrowbar William McVey (Jan 11)
- xcrowbar der Mouse (Jan 11)
- Re: Xwindows security? Dave Kinchlea (Jan 11)
- Re: Xwindows security? Adam Shostack (Jan 11)
- Re: Xwindows security? Darren Reed (Jan 11)
- Re: Xwindows security? Benjamin Fried (Jan 10)
- Re: Xwindows security? Bennett Todd (Jan 09)