[1567] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] How to protect X sessions?

daemon@ATHENA.MIT.EDU (Timo Felbinger)
Sun Jun 1 02:13:58 1997

Date: Sat, 31 May 1997 13:33:47 +0200 (MET DST)
From: Timo Felbinger <felbing@pandora.physik.uni-konstanz.de>
Reply-To: Timo.Felbinger@uni-konstanz.de
To: linux-security@redhat.com
Resent-From: linux-security@redhat.com


Hello,

the way most Linux (and not only Linux) systems are administrated
opens up huge security loopholes: usually, I start X once after
reboot and have it running till next shutdown, only temporarily
locked via xlock, with lots of windows permanently open. 

Critical administrative tasks, even for remote machines, are 
performed in xterms, with lots of other applications running on 
the same desktop at the same time. I am sure almost everyone 
does it that way. 

Running insecure applications (in particular, netscape with Java 
enabled) under a separate account can be one step but still leaves
one big loophole open: all applications must be given permission
to connect to the X server, which can easily be exploited e.g. to
read all keyboard input.

One obvious workaround would be to run several X servers in parallel. 
This can indeed be done using Xnest, which is a server on its own but 
runs as a client in a window of the "real" server. It seems to maintain 
two separate sets of magic cookies: one to connect to its server, and 
another one which clients have to use to connect to Xnest.

Is it a good idea to run suspicious programs "in a box", i.e., under 
a different account with access only to the display provided by Xnest, 
isolating them from the "real" server? In particular, will this procedure 
reliably hide mouse and keyboard events taking place outside of the Xnest 
window from such programs?

Regards,

Timo Felbinger


home help back first fref pref prev next nref lref last post