Re: Xwindows[sic] security?

[mouse () Collatz McRCIM McGill EDU (der Mouse)]

> > I'd like to add a new authentication mechanism to X which uses Ident
> > (TAP, RFC-931 etc), to check that a user is permitted.
> This pretty much reduces down to the same problem that xhost has.
> [...]  If I have physical access the host I can change my username,
> run an ident faker, or otherwise compromise any security mechanism
> which relies upon the remote machine to provide the authentication.
> You allow for a bit more granularity in access control in a trusted
> (and trusting) environment, but if you already have this level of
> trust xhost is good enough anyway because all you really need to do
> is prevent someone from accidentally popping up a window on your
> display...

I find myself disagreeing with you here.  For example, at work we have
two or three central serverish machines.  I trust the machines in the
sense that I trust their admins (I'm one of said admins :-), but no way
do I trust all users on them.  Thus, I would hesitate to just drop them
into my access list to let myself easily run clients there...but I _do_
trust them enough that I would not hesitate to drop myself, IDENT
verified, into my access list.  This would keep Joe Malicious from
siccing xkey on me from there while still allowing me to freely pop up
clients from those machines.

I feel that IDENT-style user@host authentication has its uses.  But I'm
of two minds about putting it into the X server.  It seems to me it
would be more appropriately put into a front-end fancy authenticator
process, like a souped-up version of the xconns I've mentioned on
bugtraq a few times already.  If nothing else, this makes it much
easier for me to hack on the front end when I decide I want a new
feeping creature in it :-)

                                        der Mouse

                            mouse () collatz mcrcim mcgill edu