Date: Thu, 16 Apr 2009 15:51:07 -0700 From: Chris Palmer <chris@isecpartners.com> To: "ewalsh@tycho.nsa.gov" <ewalsh@tycho.nsa.gov>, "x11@freebsd.org" <x11@freebsd.org> Subject: X SECURITY extension gone in latest Xorg; XACE not working? Message-ID: <7E3B942D6F9AE64EA28CE80B7283C1EC212C0D872C@exch01.isecpartners.com>
next in thread | raw e-mail | index | archive | help
Hello, With a recent build of FreeBSD ports (I am on FreeBSD 7), the X SECURITY extension is nonexistent, and its functionality is missing. For example, "ssh -X" is equivalent to "ssh -Y", "xauth -f foo generate :0.0 . untrusted" doesn't work, and so on. I am developing a program (http://code.google.com/p/isolate) that depends on being able to put X clients in the "untrusted" group. I dimly understand that XACE is supposed to replace the old SECURITY extension with new and more exciting (but compatible) behavior, but currently, I get no joy either way. On OpenBSD 4.4 and Ubuntu 8.10, SECURITY still works; I assume it's because their builds are old enough to not have whatever recent changes were made. In the configure script for the xorg-server port, I found an option to re-enable SECURITY, and it appears to mostly work. But normal people are not going to do that, and so won't get the security features of the extension. Any clues, explanations of how I'm missing something, et c., greatly appreciated. Thanks! -- Chris Palmer, iSEC Partners (415) 235 2888
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7E3B942D6F9AE64EA28CE80B7283C1EC212C0D872C>