[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Open Xlock as root



On Sat, 4 Dec 1999, Andrew Morgan wrote:

> > How can a trusted GUI agent make sure it talks to a trusted X server?
> > How can a person at the terminal make sure he or her talks to a trusted
> > GUI agent via a trusted X server?
> 
> Good questions. This trust thing is a hard one to pin down. With X
> especially, I'm on thin ice. Are you saying that there is something
> fundamentally broken about X? Do you want to share your thoughts?

There is something fundamentally broken in supplying a password to a
program. Even an alphanumeric console login prompt may be easily spoofed
by a malicious user.

Ideally privileged users should not login on utrusted computers, except
by means of one-time passwords or, say, public keys.

Even then, root compromise on one computer may open the whole system
to the intruder if the privileged user's homedirectory lies
on a distributed filesystem of any type. Once you have access to
modification credentials for a few (milli)seconds, you can do a lot.

My 2c.
--
Ivan Popov <pin@math.chalmers.se>
Systemman, Driftavdelningen, Matematiska institutionen, Chalmers



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []