[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Open Xlock as root



Hi,

On Sat, Dec 04, 1999 at 07:41:30PM -0800, Andrew Morgan wrote:
> Pavel Kankovsky wrote:
> > How can a trusted GUI agent make sure it talks to a trusted X server?
> > How can a person at the terminal make sure he or her talks to a trusted
> > GUI agent via a trusted X server?
> 
> Good questions. This trust thing is a hard one to pin down. With X
> especially, I'm on thin ice. Are you saying that there is something
> fundamentally broken about X? Do you want to share your thoughts?

Yes, X is a fundamentally broken idea from security point of view.
All of attached processes shared common resources without boundary checks.  I
remember an exploit showing that every application can snoop a text typed by
user in any window.  I don't know the current state of X but I bet that
almost any abuse which can be imagineed can be implemented.

Returning back to problem of screen lockers: setgid programs with special
group allowing them to verify root's password is the only apparent way to
solve the problem.  Setgid vlock wouldn't make me worry too much.  However
setgid xlock (brrr...) leads us to a new level of overrun exploits in X
libraries.

Best wishes
		Andrey



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []