From owner-freebsd-security Thu Feb 24 12:46:31 2000
Delivered-To: freebsd-security@freebsd.org
Received: from dfw-smtpout4.email.verio.net (dfw-smtpout4.email.verio.net [129.250.36.44])
    by hub.freebsd.org (Postfix) with ESMTP id C706237B8F0
    for ; Thu, 24 Feb 2000 12:46:22 -0800 (PST)
    (envelope-from bokr@accessone.com)
Received: from [129.250.38.64] (helo=dfw-mmp4.email.verio.net)
    by dfw-smtpout4.email.verio.net with esmtp (Exim 3.12 #7)
    id 12O59L-0002AC-00; Thu, 24 Feb 2000 20:46:15 +0000
Received: from [204.250.68.168] (helo=gazelle)
    by dfw-mmp4.email.verio.net with smtp (Exim 3.12 #7)
    id 12O59F-0001MY-00; Thu, 24 Feb 2000 20:46:10 +0000
Message-Id: <3.0.5.32.20000224124813.008fce80@mail.accessone.com>
X-Sender: bokr@mail.accessone.com
X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32)
Date: Thu, 24 Feb 2000 12:48:13 -0800
To: Omachonu Ogali
From: Bengt Richter
Subject: Re: Security hole in GNOME
Cc: eighner@io.com (Lars Eighner), freebsd-security@freebsd.org
In-Reply-To:
References:
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I did do "man iceauth" and I did search via Alta Vista, and Lars Eighner
is right about the scarcity of information in those areas. I would welcome
a fix to the man pages (I am running 3.3-RELEASE, perhaps it's been fixed?).

I do think calling .ICEauthority a "spy file" borders on FUDspam.

OTOH, if the attempt to contact an external name server is bound to be
useless (as you suggest it will be for a non-existent hostname), then it
might be nice to be able to configure X safely not to call.

I saw someplace advice to delete the .ICEauthority file if the X server
takes a long time to start up, but with no explanation. Is this a
sanctioned procedure?

(Actually, I tried it, and a new .ICEauthority is created on the next startx.
If you "hd .ICEauthority" you see some text including "ICE" and "tcp:xxxx"
and several "MIT-MAGIC-COOKIE-1" and ":/tmp/.ICE-unix/yyy" and looking in
the latter directory, I find a new socket yyy). So the advice may not
accomplish much, I guess. Will have to look in the sources when I get time.

BTW ;-), does the "ICE" relate to the Jargon File's definition? :
--
ice [coined by USENETter Tom Maddox, popularized by William Gibson's
cyberpunk SF novels: a contrived acronym for `Intrusion Countermeasure
Electronics'] Security software (in Gibson's novels, software that
responds to intrusion by attempting to literally kill the intruder).
Also, `icebreaker': a program designed for cracking security on a system.
--

If the lack of man and other info is an instance of security-by-obscurity,
that would seem a concern. I'm for more light, and less FUD.

Regards,
Bengt Richter

At 09:08 2000-02-24 -0500, you wrote:
>ICEauthority is NOT for calling someone up, it is used for authentication
>between two XWindows servers, it does not transmit information, rather it
>protects your XWindows server from being tampered with by defining an
>access list of what clients/hostnames are allowed to access your server,
>and most of the time that list only contains your local hostname. IF
>you sat down and ran tcpdump you would see it's trying to resolve the
>hostname you specified for your machine which doesn't exist probably
>and is calling an external name server to help it, before you go off
>spreading rumors, try to sit down and study it.
>
>On Thu, 24 Feb 2000, Lars Eighner wrote:
>
>>
>> bokr@accessone.com (Bengt Richter) wrote:
>> |On Wed, 23 Feb 2000 07:52:37 -0600, eighner@io.com (Lars Eighner)
>> |wrote:
>> |
>> |>
>> |>FreeBSD users should be aware that the stable ports of GNOME
>> |>will install a spy file named .ICEauthority and information
>> |>about your system will be transmitted every time a GNOME function
>> |>is invoked.
>>
>> |Can you back up your information, please? Note following:
>> |
>> |--begin inclusion--
>> |Date: Wed, 23 Feb 2000 18:57:56 -0500 (EST)
>> |From: Omachonu Ogali
>> |To: Bengt Richter
>> |cc: freebsd-security@FreeBSD.ORG
>> |Subject: Re: NG report of "Security hole in GNOME"
>> |
>> |That's completely untrue. .ICEauthority has been around for a while
>> |and if
>> |you peek at it you'll see it contains authentication information for
>> |the X
>> |server, sort of like an xhost (I think). Do man iceauth to read on it
>> |more, and do us a favor and relay this back to the newsgroup...
>>
>> Well, *did* you do man iceauth? If you had you would have found
>> one little paragraph that refers to commands described "below"
>> but of course there is no "below." None the less, it should be
>> clear that the purpose of iceauth is to transmit information about
>> one system to another system. Furthermore, when you invoke a
>> GNOME session or one of the GNOME applications, it will bring up
>> the ppp link and call someone. Suppose MicroSoft made Windows
>> call them up every time Windows was used? People would be
>> screaming bloody murder. Why should this behavior be acceptable
>> from GNOME?
>>
>> Moreover, if this behavior were on the up and up, why wouldn't
>> there be some reasonable documentation? And why isn't there a
>> way to disable this behavior for machines that are not on an
>> intranet -- which is the only situation in which this behavior
>> might be desirable. Try typing ICEauthority or iceauth into
>> a few of your favorite search engines. There simply is no
>> explanation of what this is or why anyone thinks it is desirable.
>> There is one FAQ in French which is a puzzle to me, but which
>> has been interpreted for me by another correspondent to the
>> effect that the purpose of ICEauthority is to brand users
>> with software along the lines of what the Pentium III chip
>> attempts to do with hardware. Again, when Intel does it,
>> everyone yelps: so why exactly should such a vaguely documented
>> "feature" that certainly appears to do the same thing be
>> accepted in GNUware?
>>
>>
>
>--
>+-------------------------------------------------------------------------+
>| Omachonu Ogali                                     oogali@intranova.net |
>| Intranova Networking Group                 http://tribune.intranova.net |
>| PGP Key ID:                                                  0xBFE60839 |
>| PGP Fingerprint:        C8 51 14 FD 2A 87 53 D1 E3 AA 12 12 01 93 BD 34 |
>+-------------------------------------------------------------------------+
>
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
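
The strings seen in the hex dump described in the message above map onto per-entry fields of the file. The following is an added example, not part of the original thread or of the X11 sources: a small parser for .ICEauthority contents, assuming the entry layout used by libICE's auth-file reader (five fields per entry, each a 2-byte big-endian length followed by that many bytes). The sample bytes, hostname, socket path and port are constructed.

```python
import struct

# Assumed entry layout (libICE auth-file reader): five counted fields in this order.
FIELDS = ("protocol", "protocol_data", "network_id", "auth_name", "auth_data")


def _counted(buf, pos):
    """Read one field: 2-byte big-endian length, then that many bytes."""
    if pos + 2 > len(buf):
        raise ValueError("truncated length at offset %d" % pos)
    (n,) = struct.unpack_from(">H", buf, pos)
    pos += 2
    if pos + n > len(buf):
        raise ValueError("truncated field at offset %d" % pos)
    return buf[pos:pos + n], pos + n


def parse_iceauthority(buf):
    """Return one dict per entry; the cookie is reported by length only."""
    entries, pos = [], 0
    while pos < len(buf):
        rec = {}
        for name in FIELDS:
            rec[name], pos = _counted(buf, pos)
        entries.append({
            "protocol": rec["protocol"].decode("ascii", "replace"),
            "network_id": rec["network_id"].decode("ascii", "replace"),
            "auth_name": rec["auth_name"].decode("ascii", "replace"),
            "cookie_len": len(rec["auth_data"]),
            # "local/..." ids name a Unix-domain socket under /tmp/.ICE-unix
            "local_only": rec["network_id"].startswith(b"local/"),
        })
    return entries


def _field(b):
    return struct.pack(">H", len(b)) + b


# Constructed sample: two entries with made-up host, socket, port and cookie.
SAMPLE = b"".join(_field(f) for f in (
    b"ICE", b"", b"local/examplehost:/tmp/.ICE-unix/1234",
    b"MIT-MAGIC-COOKIE-1", bytes(16),
    b"XSMP", b"", b"tcp/examplehost:1025",
    b"MIT-MAGIC-COOKIE-1", bytes(16),
))

if __name__ == "__main__":
    for entry in parse_iceauthority(SAMPLE):
        print(entry)
```

Each entry pairs a listening endpoint with the shared secret a client must present to it, which is why the file is recreated on every session start.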