• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: X11 security (Was: 2.1.1 and xterm)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: X11 security (Was: 2.1.1 and xterm)

  • Subject: Re: X11 security (Was: 2.1.1 and xterm)
  • From: Ben Byer <email@hidden>
  • Date: Sun, 16 Dec 2007 05:24:50 -0800
On Dec 16, 2007, at 2:35 AM, Harald Hanche-Olsen wrote:

+ William Davis <email@hidden>:

It is also more secure since part of the DISPLAY value is randomly
set -- a possible intruder cant make any useful assumptions about
where the display socket is.


That is called security by obscurity, which is generally not very
secure at all.  In this case, running ls -lrtd /tmp/launch* gives a
pretty good indication of what to try.  Oh, but on the other hand
those directories are readable only by their owners, so that is not a
viable way into the user's X server anyhow.

Right. This is actually a security feature, but against a different attack. If I know the name of the directory you put your sockets in, then if you haven't already created a socket, I can try to make the directory and trick you into using a socket I control.


If you want real security against other users with shell access on
your machine, I think you will have to remove /tmp/.X11-unix/X0 or at
least do:  chmod 700 /tmp/.X11-unix/X0

Actually, this seems to be a security hole.  Shouldn't the socket in
/tmp/.X11-unix/X0 be mode 700 by default?  On other unixes it is
usually not, since there is also the TCP socket on port 6000 for which
unix permissions don't make any sense, so you need some form of xauth
access control anyhow.


Perhaps. As you've noted, generally xauth prevents this from being a real problem, because another user won't be able to talk to your X server even if they can write to your socket. We've thought about moving that socket to its own specially (randomly, securely) created socket to increase security (and then updating Xtrans to be able to find it), but I'm a bit reluctant to make such a change while we still are coping with the launchd change.

(FYI --- there is a special case where you do not need a valid xauth cookie to connect to the X server via the launchd socket. This prevents a race condition upon launch the first X client app, and is still secure since launchd guarantees us that it will securely create that socket.)
--
Ben Byer
CoreOS / BSD Technology Group, XDarwin maintainer

_______________________________________________
Do not post admin requests to the list. They will be ignored.
X11-users mailing list      (email@hidden)
This email sent to email@hidden






References: 


 >Re: 2.1.1 and xterm (From: "John Koren" <email@hidden>)


 >Re: 2.1.1 and xterm (From: Merle Reinhart <email@hidden>)


 >Re: 2.1.1 and xterm (From: William Davis <email@hidden>)


 >X11 security (Was: 2.1.1 and xterm) (From: Harald Hanche-Olsen <email@hidden>)






    

  • Prev by Date:
Re: 2.1.1 and xterm

    • 

  • Next by Date:
Re: 2.1.1 and xterm

    • 

  • Previous by thread:
X11 security (Was: 2.1.1 and xterm)

    • 

  • Next by thread:
Re: 2.1.1 and xterm

    • 

  • Index(es):

      

    • Date
      • 

    • Thread
      • 

    

    •