Date: Tue, 15 Sep 1998 22:27:12 +0000
From: Niall Smart <rotel@indigo.ie>
To: Peter Jeremy <peter.jeremy@auss2.alcatel.com.au>, freebsd-security@FreeBSD.ORG
Subject: Re: X-security
Message-ID: <199809152127.WAA01237@indigo.ie>
In-Reply-To: <98Sep14.144916est.40329@border.alcanet.com.au>; Peter Jeremy <peter.jeremy@auss2.alcatel.com.au>

On Sep 14, 2:49pm, Peter Jeremy wrote:
} Subject: Re: X-security
> Wes Peters <wes@softweyr.com> wrote:
> > By default, XFree86 uses "MIT MAGIC COOKIE" authentication; when
> > the server starts it creates a .Xauthority file in
> > your home directory. Anyone who can read this file will still be
> > able to connect to your X server
>
> Note that the authentication tokens are not encrypted on the network.
> Anyone who can sniff the network will also be able to connect to your
> X-server.
>
> If you're worried about someone stealing your authentication token,
> you'll need to use something like XDM-AUTHORIZATION-1 (*), SUN-DES-1 (**)
> or ssh.

After you've authenticated you're still vulnerable to snooping or
active attacks though, someone could still steal your authentication
data by desynchronising your TCP stream and injecting the right commands.
Better to use port forwarding with ssh if possible.

--
Niall Smart, rotel@indigo.ie.
Amaze your friends and annoy your enemies:
echo '#define if(x) if (!(x))' >> /usr/include/stdio.h

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
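
As an added illustration of the points in this thread (not code from any of the posters): a POSIX shell check that reports whether the current DISPLAY would carry the cookie over plain TCP and whether the cookie file is accessible to anyone but its owner. The function names are hypothetical, and treating a loopback DISPLAY as an ssh-forwarded one is an assumption based on ssh's default forwarding behaviour.

```shell
#!/bin/sh
# Added example, not from the original thread. Function names are hypothetical.

# classify_display VALUE -> prints one of: unset | local | loopback | network
classify_display() {
    d=$1
    [ -n "$d" ] || { echo unset; return 0; }
    host=${d%:*}                      # drop the trailing ":display.screen"
    case $host in
        ''|unix)                 echo local ;;     # Unix-domain socket, nothing on the wire
        localhost|127.0.0.1|::1) echo loopback ;;  # assumption: ssh X11 forwarding proxy
        *)                       echo network ;;   # cookie crosses the network unencrypted
    esac
}

# cookie_file_exposed FILE -> 0 if group/other have any permission bit,
#                             1 if owner-only, 2 if the file is missing
cookie_file_exposed() {
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld -- "$1" 2>/dev/null | cut -c5-10)
    [ -n "$perms" ] || return 2
    [ "$perms" != "------" ]
}

# Report on the current session using the two checks above.
audit_x_session() {
    file=${XAUTHORITY:-$HOME/.Xauthority}
    case $(classify_display "${DISPLAY:-}") in
        network)  echo "WARN: DISPLAY=$DISPLAY is plain TCP; the cookie can be sniffed" ;;
        loopback) echo "OK: DISPLAY=$DISPLAY is loopback (e.g. ssh forwarding)" ;;
        local)    echo "OK: DISPLAY=$DISPLAY uses a local socket" ;;
        unset)    echo "INFO: DISPLAY is not set" ;;
    esac
    if cookie_file_exposed "$file"; then
        echo "WARN: $file is accessible to group/other; chmod 600 it"
    fi
}

audit_x_session
```
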