[637] in bugtraq

home help back first fref pref prev next nref lref last post

Re: Xwindows security?

daemon@ATHENA.MIT.EDU (Julian Assange)
Sat Jan 14 00:23:21 1995

From: Julian Assange <proff@suburbia.apana.org.au>
To: mccoy@io.com (Jim McCoy)
Date: Sat, 14 Jan 1995 15:26:26 +1100 (EST)
Cc: bugtraq@fc.net
In-Reply-To: <199501111958.NAA27466@pentagon.io.com> from "Jim McCoy" at Jan 11, 95 01:58:13 pm

> 
> > From: Jon Peatfield <J.S.Peatfield@amtp.cam.ac.uk>
> [...]
> > I'd like to add a new authentication mechanism to X which uses Ident (TAP, 
> > RFC-931 etc), to check that a user is permitted.  e.g. a server is given a 
> > list of allowed user/machine pairs by a program like xhost:
> > [which it checks using ident for incoming connections...]
> 
> This pretty much reduces down to the same problem that xhost has.  I have
> several program that will fake my ident ID to be whatever I want it to be.

Why bother? I hear there is this real hot cracker program called "su".

Proff

home help back first fref pref prev next nref lref last post