Date: Fri, 6 Apr 2001 16:05:32 +0400 (MSD) From: Alexey Koptsevich <kopts@astro.ioffe.rssi.ru> To: Per Kristian Hove <perhov@math.ntnu.no>, Johan Danielsson <joda@pdc.kth.se> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Disabling xhost(1) Access Control Message-ID: <Pine.BSF.4.21.0104061601410.48456-100000@astro.ioffe.rssi.ru> In-Reply-To: <Pine.BSF.4.21.0103211905040.3763-100000@astro.ioffe.rssi.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello, > | If you want to do that there are at least two places you have to > | change the behaviour in programs/Xserver/os/access.c: > | > | * for the `xhost +' case change ChangeAccessControl(), to only succeed > | for the enable case (paranoid people use `xhost -' routinely). > | > | * for `xhost +host' change AddHost() to your liking (ifdef out > | FamilyInternet). > > If you're paranoid, you should also change the default behaviour > of InvalidHost() [also in access.c] to return 1 instead of 0 if > AccessEnabled isn't set [if you're running with `xhost +', that > is]. This is where the access check actually takes place. Sorry, could you write what exactly should I change in the code? Thanks a lot, Alex To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0104061601410.48456-100000>