[609] in bugtraq
Re: Xwindows security?
daemon@ATHENA.MIT.EDU (Rens Troost)
Wed Jan 11 12:55:00 1995
To: Jon Peatfield <J.S.Peatfield@amtp.cam.ac.uk>
Cc: bf@morgan.com (Benjamin Fried), bet@std.sbi.com (Bennett Todd),
mouse@Collatz.McRCIM.McGill.EDU (der Mouse), ddk@beta.lanl.gov,
bugtraq@fc.net, e41126@rl.gov, jp107@amtp.cam.ac.uk
In-Reply-To: Your message of "Wed, 11 Jan 1995 06:19:25 GMT."
<m0rRwP6-0000o1C%kro.amtp.cam.ac.uk@damtp.cambridge.ac.uk>
Reply-To: rens@imsi.com
Date: Wed, 11 Jan 1995 10:19:41 -0500
From: Rens Troost <rens@imsi.com>
>>>>> "Jon" == Jon Peatfield <J.S.Peatfield@amtp.cam.ac.uk> writes:
Jon> Ident is not supposed to be used for authentication I hear
Jon> people shout. However, X connections should really only be
Jon> made from machines you trust as otherwise anyone with root
Jon> access can steal the cookie or pretend to be that user anyway.
Jon> I.e. using Ident for this is no worse than admitting that you
Jon> must trust the remote host is ok anyway.
Right; and it's also no better. But it _is_ more complicated. The
magic cookie mechanism is pretty good; if it would allow multiple
cookies access to the server, or krb5 authentication, we'd have all
the mechanism we needed, fairly simply.
-Rens