[11445] in bugtraq
Re: XDM Insecurity revisited
daemon@ATHENA.MIT.EDU (Alan Cox)
Fri Aug 20 21:22:38 1999
Content-Type: text
Message-Id:  <E11HSMz-0006kS-00@the-village.bc.nu>
Date:         Thu, 19 Aug 1999 14:36:38 +0100
Reply-To: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
From: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
X-To:         jtb@THEO2.PHYSIK.UNI-STUTTGART.DE
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <19990818122620.A16339@luna.theo2.physik.uni-stuttgart.de> from
              "Jochen Bauer" at Aug 18, 99 12:26:20 pm
> Digital Unix 4.0E, SuSE Linux 6.1 and Red Hat Linux 6.0 are still
> (1.5 years later) shipped with this default Xaccess file. It is somehow
> ironic that e.g. SuSE now uses tcpwrappers by default on most TCP
> services in its distribution and describes the use of tcpwrappers in
> the manual in a special chapter about security, but fails to close (or
> even mention) that way to circumvent login restrictions.
Even more fun, just open 1024 XDMCP sessions with a remote xdm on a low
spec box. Xdm doesn't like this. Gdm at least does damage limitation in
this case.
On the Red Hat side, for a standard Red Hat 6 using gdm not xdm, edit
/etc/X11/gdm.conf and set it to

[xdmcp]
Enable=0

and life is happier.
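As an added example, not part of the thread above, here is a small POSIX shell check a sysadmin can run to audit the two settings the thread talks about: whether the [xdmcp] section of gdm.conf still has Enable set, and whether the Xaccess file still carries the wildcard "*" entries that let any host request a login window. The gdm.conf and Xaccess contents below are constructed samples written to a temporary directory so the script runs on its own; on a real system you would point the functions at /etc/X11/gdm.conf and the X11 Xaccess file instead.

```shell
#!/bin/sh
# Added example (not from the original bugtraq post). Audits whether
# XDMCP is enabled in an INI-style gdm.conf and whether Xaccess grants
# access to any host. All sample file contents below are constructed.

# Print "enabled", "disabled" or "unknown" for the Enable key in the
# [xdmcp] section of the given gdm.conf. "unknown" means no [xdmcp]
# section or no Enable key was found; the script does not guess gdm's
# built-in default in that case.
xdmcp_status() {
    awk '
        /^[[:space:]]*\[/ {
            in_section = (tolower($0) ~ /^[[:space:]]*\[xdmcp\]/)
            next
        }
        in_section && /^[[:space:]]*[Ee]nable[[:space:]]*=/ {
            split($0, kv, "=")
            v = tolower(kv[2]); gsub(/[[:space:]]/, "", v)
            if (v == "0" || v == "false" || v == "no") print "disabled"
            else print "enabled"
            found = 1
            exit
        }
        END { if (!found) print "unknown" }
    ' "$1"
}

# Count Xaccess lines that start with "*": in Xaccess syntax such a line
# matches every host (a bare "*" allows direct queries from anywhere,
# "* CHOOSER BROADCAST" hands a chooser to any indirect query).
# Comment lines start with "#" and are not counted.
xaccess_wildcard_count() {
    grep -cE '^[[:space:]]*\*' "$1" || true
}

# Constructed sample files in a throwaway directory, removed on exit.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

cat > "$demo_dir/gdm-open.conf" <<'EOF'
[daemon]
Greeter=/usr/bin/gdmlogin

[xdmcp]
Enable=1
Port=177
EOF

cat > "$demo_dir/gdm-closed.conf" <<'EOF'
[daemon]
Greeter=/usr/bin/gdmlogin

[xdmcp]
Enable=0
EOF

cat > "$demo_dir/gdm-nosection.conf" <<'EOF'
[daemon]
Greeter=/usr/bin/gdmlogin
EOF

cat > "$demo_dir/Xaccess" <<'EOF'
# constructed Xaccess excerpt with the permissive wildcard entries
*                        # any host can get a login window
*       CHOOSER BROADCAST   # any indirect host gets a chooser
EOF

# Report on each sample, the way the check would be used on a real host.
for f in gdm-open.conf gdm-closed.conf gdm-nosection.conf; do
    echo "$f: XDMCP $(xdmcp_status "$demo_dir/$f")"
done
echo "Xaccess: $(xaccess_wildcard_count "$demo_dir/Xaccess") wildcard host entries"
```

A result of "enabled" together with a non-zero wildcard count is the combination the thread complains about: the display manager answers XDMCP from the network and Xaccess lets any host ask. Setting Enable=0 in gdm.conf turns the first off regardless of what Xaccess says.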