Bugtraq mailing list archives

Re: Xwindows security?

From: wam () cs purdue edu (William McVey)
Date: Tue, 10 Jan 1995 18:08:42 -0500


Benjamin Fried wrote:

Xhost actually has one advantage, of a sort, over xauth: users of xhost
can grant access, and later take that access away.


You want to be very careful in assuming that because you type 'xhost -'
that your vulnerability goes away.  All clients (like xkey) started
when the authority was off are still connected and are potentially
dangerous.  Additionally, clients (like xcrowbar) can be started when
no authority is in place that turns off the authority mechanisms
altogether, thus making the 'xhost -' a moot point.

 -- William McVey
    Instructional Labs Administrator
    Department of Computer Science
    Purdue University

Current thread:

Re: Xwindows security?, (continued)
- - - Re: Xwindows security? Darren Reed (Jan 11)
    - Re: Xwindows security? Jim McCoy (Jan 11)
    - Re: Xwindows security? Julian Assange (Jan 13)
    - Re: Xwindows security? Timothy Newsham (Jan 11)
    - about /usr/etc/chill *Hobbit* (Jan 11)
    - mountd keeps vanishing (!) Eric Berggren (Jan 11)
    - Re: mountd keeps vanishing (!) Eric Kimminau (Jan 12)
    - Re: mountd keeps vanishing (!) Karl Strickland (Jan 12)
    - Re: mountd keeps vanishing (!) Pete Shipley (Jan 14)
    - X Window System security Stephen Gildea (Jan 11)
- Re: Xwindows security? William McVey (Jan 10)
  - Re: Xwindows security? Benjamin Fried (Jan 10)
- Re: Xwindows security? Doug McLaren (Jan 11)
- Re: Xwindows security? der Mouse (Jan 11)
  - xcrowbar Dave Goldberg (Jan 11)
  - xcrowbar/ident for x Nathan Lawson (Jan 11)