[8431] in bugtraq
Re: X11 cookie hijacker
daemon@ATHENA.MIT.EDU (Olaf Kirch)
Thu Nov 5 19:18:00 1998
Date: Thu, 5 Nov 1998 09:06:37 +0100
Reply-To: Olaf Kirch <okir@MONAD.SWB.DE>
From: Olaf Kirch <okir@MONAD.SWB.DE>
X-To: David Dawes <dawes@XFREE86.ORG>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Your message of "Tue, 03 Nov 1998 18:13:54 +1100."
<19981103181354.L6133@rf900.physics.usyd.edu.au>
On Tue, 03 Nov 1998 18:13:54 +1100, David Dawes wrote:
> I assume from this list that you don't have a real solution? We've all
> seen the "potential" solutions before. The problem doesn't still exist
> because nobody cares about it. It still exists because nobody has, to
> my knowledge, found a real solution to it.
I consider a solution that leaves my X session open to eavesdropping
and manipulation worse than a hack that's advertised as breaking some
minor things but going to go away as soon as a better solution is
found.
Second, not all approaches necessarily break things.
1. Unix domain sockets could easily abandoned with, provided
XOpenConnection clandestinely maps "unix:0" to "localhost:0".
2. If making /tmp/.X11-unix mode 711 breaks servers that are not
setuid root, why not at least protect the ones that are?
How many X servers typically get installed on a single machine?
AFAIK, most Unix vendors have been able to come up with a solution.
Not a universal one, but one that works for their servers, and
apparently doesn't break XOpenConnection big time.
Olaf
--
Olaf Kirch | --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax
