Bugtraq mailing list archives

X Window System security

From: gildea () x org (Stephen Gildea)
Date: Wed, 11 Jan 1995 11:13:48 EST


There are already good tools for setting up keys and passing them
around.  xdm sets up keys.  xrsh passes them to remote clients.

Host-based authorization isn't the only revokable access method.
Anything that has principals, rather than passwords, has this
advantage.  In X11R6 there are two such schemes, MIT-KERBEROS-5 and
SUN-DES-1.  (SUN-DES-1 was also in R5.)  So while you can't take an
MIT-MAGIC-COOKIE away from someone, you can deny KRB:gildea () x org
further connection rights.  See the Xsecurity(1) manual page for
details.

Note that none of these methods allow you to revoke the authorization
of an already-connected client.

 < Stephen
   X Consortium

Current thread:

Re: Xwindows security?, (continued)
- - - Re: Xwindows security? Adam Shostack (Jan 11)
    - Re: Xwindows security? Darren Reed (Jan 11)
    - Re: Xwindows security? Jim McCoy (Jan 11)
    - Re: Xwindows security? Julian Assange (Jan 13)
    - Re: Xwindows security? Timothy Newsham (Jan 11)
    - about /usr/etc/chill *Hobbit* (Jan 11)
    - mountd keeps vanishing (!) Eric Berggren (Jan 11)
    - Re: mountd keeps vanishing (!) Eric Kimminau (Jan 12)
    - Re: mountd keeps vanishing (!) Karl Strickland (Jan 12)
    - Re: mountd keeps vanishing (!) Pete Shipley (Jan 14)
    - X Window System security Stephen Gildea (Jan 11)
- Re: Xwindows security? William McVey (Jan 10)
  - Re: Xwindows security? Benjamin Fried (Jan 10)
- Re: Xwindows security? Doug McLaren (Jan 11)
- Re: Xwindows security? der Mouse (Jan 11)
  - xcrowbar Dave Goldberg (Jan 11)
  - xcrowbar/ident for x Nathan Lawson (Jan 11)