[5366] in bugtraq


X Security: a summary

daemon@ATHENA.MIT.EDU (Lionel Cons)
Tue Oct 7 13:01:49 1997

Date: 	Tue, 7 Oct 1997 11:59:03 -0400
Reply-To: Lionel Cons <Lionel.Cons@CERN.CH>
From: Lionel Cons <Lionel.Cons@CERN.CH>
To: BUGTRAQ@NETSPACE.ORG

I've written some pages on the web describing different aspects of "X
security". There is nothing really new here but it seems that most
people are unaware of all the kinds of problems they may face. Here is
an example:

>  Joe is a skilled sysadmin with good UNIX security knowledge. His
>  personal workstation is highly protected and his pager gets an alarm
>  when someone tries to portscan any of his machines.  At the end of the
>  day, to relax a bit, he connects to a public server (with ssh of
>  course) using a non-privileged account. He then starts Netscape to
>  enjoy the latest Tamagotchi Java applet. A few minutes later, he hears
>  his local disk spinning while his home directory is being destroyed...
>
>  How can this be possible?
>
>  Exploiting yet another flaw in Java/Netscape, a bad guy gets read
>  access to his non-privileged account. From here, he can connect to the
>  X server on Joe's workstation using the ssh X forwarding
>  capability. He then simply sends "rm -fr ~" to a Tk/Tcl application,
>  locally running on Joe's workstation...

One page describes a program that I wrote (named mxconns) that may
help you to protect your X server.

If you are interested, have a look at
        http://wwwinfo.cern.ch/dis/security/x/

Comments, additions, etc. are welcome!

________________________________________________________
Lionel Cons        http://wwwinfo.cern.ch/~cons
CERN               http://www.cern.ch
-
Hinds' 6th Law of Computer Programming
        Program complexity grows until it exceeds the capability of the
        programmer who must maintain it.
