Bugtraq mailing list archives
X security, again
From: mouse () Collatz McRCIM McGill EDU (der Mouse)
Date: Tue, 17 Jan 1995 14:31:00 -0500
After all the talk about X security, including me saying how xconns could be souped up to be reasonably useful, I decided to _do_ something instead of just talk. I now have a program that behaves superficially like xconns, but with some significant differences:

- It uses RFC931 to display usernames, when the client host supports RFC931.

- It allows the user to freeze (and unfreeze) connections, or kill them, independent of the client, and very importantly independent of the server. The KillClient request can be used to forcibly disconnect a client from the server, but only if the client has created a resource, which (for example) neither xkey nor xcrowbar does.

- It monitors the connection, and if it sees certain dubious requests (currently configurable only by hacking on the source), it pops up a little menu with which the user can allow the request, have it replaced with a NoOperation request, or kill the connection. The dubious requests are, at present, requests to change the host access list, requests to enable or disable access control, and ChangeWindowAttributes requests operating on non-root windows not created by the same client.

There is much that it doesn't do but perhaps should. More operations should be considered "dubious" (eg, DestroyWindow on others' windows) and it would be nice to be able to configure access control and levels of trust somehow. Consider this proof-of-concept, if you will. :-)

This program is up for anonymous ftp from collatz.mcrcim.mcgill.edu, in /X/xc.c (please ask for xc.c.gz if you have gunzip - be kind to my poor netlink). There is currently no documentation aside from what I've written above; once I get some written I'll drop it in as xc.doc.

der Mouse
mouse () collatz mcrcim mcgill edu
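Added example, not part of the original post and not taken from xc.c: a sketch of how a monitoring proxy could recognise the three "dubious" request kinds named above and neutralise one in place. The struct, field and function names are hypothetical, and deciding window ownership from the resource-id-base and resource-id-mask in the connection setup reply is an assumption about one way to do it, not a description of der Mouse's program.

```c
#include <stddef.h>
#include <stdint.h>

/* Core X11 request opcodes, as numbered in the X11 protocol specification. */
enum { X_ChangeWindowAttributes = 2, X_ChangeHosts = 109,
       X_SetAccessControl = 111, X_NoOperation = 127 };

/* Per-connection state learned from the connection setup exchange.
   Hypothetical names; a single screen (one root window) is assumed. */
struct conn {
    int      msb_first;  /* client byte order: 'B' => 1, 'l' => 0 */
    uint32_t rid_base;   /* resource-id-base assigned to this client */
    uint32_t rid_mask;   /* resource-id-mask assigned to this client */
    uint32_t root;       /* root window id */
};

/* Read an n-byte unsigned field in the client's byte order. */
static uint32_t rd(const struct conn *c, const uint8_t *p, int n)
{
    uint32_t v = 0;
    for (int i = 0; i < n; i++)
        v = (v << 8) | p[c->msb_first ? i : n - 1 - i];
    return v;
}

/* Returns 1 if the request at buf is one of the post's dubious kinds,
   0 if it is not, -1 if buf does not hold one complete, well-formed request. */
int is_dubious(const struct conn *c, const uint8_t *buf, size_t len)
{
    if (len < 4) return -1;
    size_t rlen = 4 * (size_t)rd(c, buf + 2, 2);  /* length is in 4-byte units */
    if (rlen < 4 || rlen > len) return -1;
    switch (buf[0]) {
    case X_ChangeHosts:          /* change the host access list */
    case X_SetAccessControl:     /* enable or disable access control */
        return 1;
    case X_ChangeWindowAttributes: {
        if (rlen < 12) return -1;
        uint32_t win = rd(c, buf + 4, 4);
        /* dubious when the window is neither root nor in this client's id range */
        return win != c->root && (win & ~c->rid_mask) != c->rid_base;
    }
    }
    return 0;
}

/* Swap only the opcode: NoOperation accepts any request length, so the
   server skips the body and framing and sequence numbers stay in step. */
void replace_with_noop(uint8_t *buf) { buf[0] = X_NoOperation; }
```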