From owner-freebsd-security  Fri Apr  6  5: 6:17 2001
Delivered-To: freebsd-security@freebsd.org
Received: from relay.ioffe.rssi.ru (relay.ioffe.rssi.ru [194.85.224.33])
	by hub.freebsd.org (Postfix) with ESMTP id 2C25937B424
	for <freebsd-security@FreeBSD.ORG>; Fri,  6 Apr 2001 05:06:03 -0700 (PDT)
	(envelope-from kopts@astro.ioffe.rssi.ru)
Received: from astro.ioffe.rssi.ru (astro.ioffe.rssi.ru [194.85.229.130])
	by relay.ioffe.rssi.ru (8.9.1/8.9.1) with ESMTP id QAA09337;
	Fri, 6 Apr 2001 16:05:42 +0400 (MSD)
Received:  by astro.ioffe.rssi.ru (8.9.3/Clnt-2.14-AS-eef)
	id QAA52712; Fri, 6 Apr 2001 16:05:32 +0400 (MSD)
Date: Fri, 6 Apr 2001 16:05:32 +0400 (MSD)
From: Alexey Koptsevich <kopts@astro.ioffe.rssi.ru>
To: Per Kristian Hove <perhov@math.ntnu.no>,
	Johan Danielsson <joda@pdc.kth.se>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Disabling xhost(1) Access Control
In-Reply-To: <Pine.BSF.4.21.0103211905040.3763-100000@astro.ioffe.rssi.ru>
Message-ID: <Pine.BSF.4.21.0104061601410.48456-100000@astro.ioffe.rssi.ru>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


Hello,

> |  If you want to do that there are at least two places you have to
> |  change the behaviour in programs/Xserver/os/access.c:
> |  
> |  * for the `xhost +' case change ChangeAccessControl(), to only succeed
> |    for the enable case (paranoid people use `xhost -' routinely).
> |  
> |  * for `xhost +host' change AddHost() to your liking (ifdef out
> |    FamilyInternet).
> 
> If you're paranoid, you should also change the default behaviour
> of InvalidHost() [also in access.c] to return 1 instead of 0 if
> AccessEnabled isn't set [if you're running with `xhost +', that
> is]. This is where the access check actually takes place.

Sorry, could you write what exactly should I change in the code?

Thanks a lot,
Alex


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message