[3325] in bugtraq


Re: Hostile X servers

daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Tue Sep 3 13:52:40 1996

Date: 	Tue, 3 Sep 1996 12:32:22 -0400
Reply-To: perry@piermont.com
From: "Perry E. Metzger" <perry@piermont.com>
X-To:         Zygo Blaxell <zblaxell@myrus.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To:  Your message of "Sun, 01 Sep 1996 12:31:57 EDT."
              <50cdpt$atk@fludd.myrus>

Zygo Blaxell writes:
> For those of us who've been paying attention for the last six months,
> this can be no surprise.  However, this makes me think of other X-related
> attacks.

There are dozens of X attacks. My generic way to stop them these days
is to compile the X server without TCP support. Yes, this still makes
users vulnerable to others logging in to their workstation, but it
does totally eliminate the threat of others on the network hitting
them. It does perhaps reduce functionality somewhat, but you can get
it back with things like ssh to provide tunnels for applications...

Perry
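
An added example, not part of the original post: a check that a host's X server is no longer reachable over TCP, which is the effect the message describes. It assumes `ss -ltn` style output and the conventional X11 TCP range 6000-6063; the sample input is constructed and the function names are hypothetical. Loopback-only listeners, such as those sshd typically opens for forwarded displays, are reported separately from network-reachable ones.

```shell
#!/bin/sh
# Added example (not from the original post). Classifies X11-range TCP
# listeners in `ss -ltn` output. Display :N uses TCP port 6000+N.

# Constructed sample of `ss -ltn` output, not captured from a real host.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:6000       0.0.0.0:*
LISTEN 0      128    127.0.0.1:6010     0.0.0.0:*
LISTEN 0      128    [::]:6001          [::]:*
LISTEN 0      128    [::1]:6011         [::]:*
LISTEN 0      128    192.0.2.10:6063    0.0.0.0:*
LISTEN 0      128    0.0.0.0:6064       0.0.0.0:*'

# classify_x11_listeners (hypothetical helper): reads `ss -ltn` text on stdin
# and prints "<EXPOSED|LOOPBACK> display=:<N> addr=<local address>" per hit.
classify_x11_listeners() {
    awk '
    $1 == "LISTEN" {
        # The port follows the last colon, which also handles [::]:6000.
        n = split($4, parts, ":")
        port = parts[n]
        if (port !~ /^[0-9]+$/) next
        port += 0
        if (port < 6000 || port > 6063) next   # outside the X11 range
        host = substr($4, 1, length($4) - length(parts[n]) - 1)
        # Loopback-only sockets (e.g. ssh-forwarded displays) are not
        # reachable from the network; anything else is.
        if (host ~ /^127\./ || host == "[::1]" || host == "::1")
            kind = "LOOPBACK"
        else
            kind = "EXPOSED"
        printf "%s display=:%d addr=%s\n", kind, port - 6000, host
    }'
}

# has_exposed_x11: exit status 0 if stdin shows a network-reachable X listener.
has_exposed_x11() {
    classify_x11_listeners | grep -q '^EXPOSED'
}

# Demo on the constructed sample; on a live host: ss -ltn | classify_x11_listeners
printf '%s\n' "$SAMPLE_SS" | classify_x11_listeners
```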
