[604] in bugtraq
Re: Xwindows security?
daemon@ATHENA.MIT.EDU (Benjamin Fried)
Tue Jan 10 19:44:03 1995
Date: Tue, 10 Jan 1995 18:20:14 -0500
From: bf@morgan.com (Benjamin Fried)
To: wam@cs.purdue.edu (William McVey)
Cc: bugtraq@fc.net
In-Reply-To: <199501102308.SAA14333@phoenix.cs.purdue.edu>
>>>>> "wam" == William McVey <wam@cs.purdue.edu> writes:
wam> Benjamin Fried wrote:
Ben> Xhost actually has one advantage, of a sort, over xauth: users
Ben> of xhost can grant access, and later take that access away.
wam> You want to be very careful in assuming that because you type
wam> 'xhost -' that your vulnerability goes away. All clients (like
wam> xkey) started when the authority was off are still connected
wam> and are potentially dangerous. Additionally, clients (like
wam> xcrowbar) can be started when no authority is in place that
wam> turns off the authority mechanisms altogether, thus making the
wam> 'xhost -' a moot point.
That's a good point. I really wasn't trying to be an advocate for
xhost, though. I was pointing out that the xhost model allows for
revocation of access, and xauth (at least when using MIT-MAGIC-COOKIE
access control) does not permit revocation of a user's access. As you
explain, xhost's ability to revoke access is flawed; however, no such
capability exists at all with MIT-MAGIC-COOKIE.
From what I've read, X11R6's MIT-KERBEROS-5 authorization seems much
better: it lets the user enable and disable access on a per-user basis,
provided you're all running Kerberos 5. Now if only our vendor(s) supported
R6!
Ben
