From owner-freebsd-x11@FreeBSD.ORG Thu Apr 16 23:08:50 2009 Return-Path: Delivered-To: x11@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 056121065670 for ; Thu, 16 Apr 2009 23:08:50 +0000 (UTC) (envelope-from chris@isecpartners.com) Received: from b.mx.isecpartners.com (b.mx.isecpartners.com [66.237.62.199]) by mx1.freebsd.org (Postfix) with ESMTP id DBD888FC08 for ; Thu, 16 Apr 2009 23:08:49 +0000 (UTC) (envelope-from chris@isecpartners.com) Received: from exch01.isecpartners.com (unknown [10.13.37.50]) by b.mx.isecpartners.com (Postfix) with ESMTP id 7CEF018958D; Thu, 16 Apr 2009 15:44:12 -0700 (PDT) Received: from exch01.isecpartners.com ([10.13.37.50]) by exch01.isecpartners.com ([10.13.37.50]) with mapi; Thu, 16 Apr 2009 15:52:18 -0700 From: Chris Palmer To: "ewalsh@tycho.nsa.gov" , "x11@freebsd.org" Date: Thu, 16 Apr 2009 15:51:07 -0700 Thread-Topic: X SECURITY extension gone in latest Xorg; XACE not working? Thread-Index: Acm+5dRLHWx9ngtJTWueE7BWyEvQVg== Message-ID: <7E3B942D6F9AE64EA28CE80B7283C1EC212C0D872C@exch01.isecpartners.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-cr-hashedpuzzle: ByAH CF0g CgW+ FR+B JcuE KrT8 Le4J MPLo MT+R MdmT NG/b NW78 OKqT Q0R0 Rx2S TuxS; 2; ZQB3AGEAbABzAGgAQAB0AHkAYwBoAG8ALgBuAHMAYQAuAGcAbwB2ADsAeAAxADEAQABmAHIAZQBlAGIAcwBkAC4AbwByAGcA; Sosha1_v1; 7; {1AF025ED-6D2B-40B2-8358-CE38DAF074B0}; YwBoAHIAaQBzAEAAaQBzAGUAYwBwAGEAcgB0AG4AZQByAHMALgBjAG8AbQA=; Thu, 16 Apr 2009 22:51:07 GMT; WAAgAFMARQBDAFUAUgBJAFQAWQAgAGUAeAB0AGUAbgBzAGkAbwBuACAAZwBvAG4AZQAgAGkAbgAgAGwAYQB0AGUAcwB0ACAAWABvAHIAZwA7ACAAWABBAEMARQAgAG4AbwB0ACAAdwBvAHIAawBpAG4AZwA/AA== x-cr-puzzleid: {1AF025ED-6D2B-40B2-8358-CE38DAF074B0} acceptlanguage: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Cc: Subject: X SECURITY extension gone in latest Xorg; XACE not working? X-BeenThere: freebsd-x11@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: X11 on FreeBSD -- maintaining and support List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Apr 2009 23:08:50 -0000 Hello, With a recent build of FreeBSD ports (I am on FreeBSD 7), the X SECURITY ex= tension is nonexistent, and its functionality is missing. For example, "ssh= -X" is equivalent to "ssh -Y", "xauth -f foo generate :0.0 . untrusted" do= esn't work, and so on. I am developing a program (http://code.google.com/p/= isolate) that depends on being able to put X clients in the "untrusted" gro= up. I dimly understand that XACE is supposed to replace the old SECURITY ex= tension with new and more exciting (but compatible) behavior, but currently= , I get no joy either way. On OpenBSD 4.4 and Ubuntu 8.10, SECURITY still works; I assume it's because= their builds are old enough to not have whatever recent changes were made. In the configure script for the xorg-server port, I found an option to re-e= nable SECURITY, and it appears to mostly work. But normal people are not go= ing to do that, and so won't get the security features of the extension. Any clues, explanations of how I'm missing something, et c., greatly apprec= iated. Thanks! --=20 Chris Palmer, iSEC Partners (415) 235 2888