Date: Mon, 14 Sep 1998 14:49:35 +1000
From: Peter Jeremy
Subject: Re: X-security
To: freebsd-security@FreeBSD.ORG
Message-Id: <98Sep14.144916est.40329@border.alcanet.com.au>

Wes Peters wrote:
> By default, XFree86 uses "MIT MAGIC COOKIE" authentication;
> when the server starts it creates a .Xauthority file in
> your home directory.  Anyone who can read this file will still be
> able to connect to your X server

Note that the authentication tokens are not encrypted on the network.
Anyone who can sniff the network will also be able to connect to your
X-server.  If you're worried about someone stealing your authentication
token, you'll need to use something like XDM-AUTHORIZATION-1 (*),
SUN-DES-1 (**) or ssh.

> # export XAUTHORITY=~wes/.Xauthority
> # xdpyinfo

I find this very useful for running X-sessions after I su.

(*) XDM-AUTHORIZATION-1 uses DES and is not compiled into the standard
    version of XFree.  Suitable versions of WrapHelp.c are available
    from outside the US for people wanting to use it.

(**) I don't believe this is supported by anyone except Sun.

Peter
--
Peter Jeremy (VK2PJ)            peter.jeremy@alcatel.com.au
Alcatel Australia Limited
41 Mandible St                  Phone: +61 2 9690 5019
ALEXANDRIA NSW 2015             Fax:   +61 2 9690 5247
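
An added example, not part of the original message: a small audit of the two exposures discussed above, a .Xauthority file that other users can read and MIT-MAGIC-COOKIE-1 entries for displays reached over TCP, where the token crosses the network unencrypted. The function names, sample host and dummy cookies are constructed for illustration, and treating only Internet-family entries as network-exposed is an assumption of this sketch.

```python
import os, stat, struct, tempfile

NETWORK_FAMILIES = {0: "Internet", 6: "Internet6"}  # FamilyLocal is 256, FamilyWild 65535
CLEARTEXT = {"MIT-MAGIC-COOKIE-1"}                  # token is sent as-is at connection setup

def parse_xauthority(blob):
    """Yield (family, address, display, protocol) per entry; the secret is discarded."""
    pos = 0
    while pos < len(blob):
        (family,) = struct.unpack_from(">H", blob, pos)
        pos += 2
        fields = []
        for _ in range(4):  # address, display number, protocol name, auth data
            (size,) = struct.unpack_from(">H", blob, pos)
            pos += 2
            if pos + size > len(blob):
                raise ValueError("truncated .Xauthority entry")
            fields.append(blob[pos:pos + size])
            pos += size
        yield family, fields[0], fields[1].decode(), fields[2].decode()

def audit(path):
    """Return findings for a readable file and for cleartext tokens on TCP displays."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(f"mode {mode:04o}: group/other can access the cookies")
    with open(path, "rb") as fh:
        for family, addr, display, proto in parse_xauthority(fh.read()):
            if family in NETWORK_FAMILIES and proto in CLEARTEXT:
                host = ".".join(map(str, addr)) if family == 0 else addr.hex()
                findings.append(f"{host}:{display} uses {proto} over TCP (sniffable)")
    return findings

def entry(family, address, display, proto, data):
    """Serialise one record (used only to build the constructed sample below)."""
    out = struct.pack(">H", family)
    for field in (address, display, proto, data):
        out += struct.pack(">H", len(field)) + field
    return out

def demo():
    # Constructed sample: one local entry, one TCP entry, dummy 16-byte cookies.
    blob = entry(256, b"myhost", b"0", b"MIT-MAGIC-COOKIE-1", bytes(16))
    blob += entry(0, bytes([192, 0, 2, 10]), b"1", b"MIT-MAGIC-COOKIE-1", bytes(16))
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "Xauthority")
        with open(path, "wb") as fh:
            fh.write(blob)
        os.chmod(path, 0o644)  # deliberately too permissive
        return audit(path)
```

Calling audit() on a real ~/.Xauthority reports only the file mode and protocol names; the cookie bytes are never printed.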