[12216] in bugtraq
Re: MicroImages MIX X Server
daemon@ATHENA.MIT.EDU (Dan Stromberg)
Tue Oct 12 04:40:53 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <38021C8E.C3C8D74C@nis.acs.uci.edu>
Date: Mon, 11 Oct 1999 10:21:18 -0700
Reply-To: strombrg@NIS.ACS.UCI.EDU
From: Dan Stromberg <strombrg@NIS.ACS.UCI.EDU>
X-To: Rich Lafferty <rich@ALCOR.CONCORDIA.CA>
To: BUGTRAQ@SECURITYFOCUS.COM
Rich Lafferty wrote:
>
> Quoting H D Moore (secureaustin@CONSULTANT.COM) from Wed, Oct 06, 1999 at 12:50:28PM -0500:
> > The last version of MIX X Server I used did not have any authentication
> > to speak of (so xhost, xauth, etc). It not only crashed when I sent
> > garbage to it's tcp port, but tended to randomly crash the X
> > applications running on them. Just my .02 --
>
> That must have been a while ago. Both the Windows and MacOS versions of
> MI/X from 1997 have host-based authentication.
>
> -Rich
If so, their FAQ needs to be updated:
35.Q: Does MI/X support xauth, or is there some other means of limiting
what users can use it or what applications they can open?
A: No.
