Date: Tue, 6 Jul 1999 07:09:43 -0400 (EDT) From: Robert Watson <robert@cyrus.watson.org> To: "Vladimir Mencl, MK, susSED" <mencl@nenya.ms.mff.cuni.cz> Cc: security@FreeBSD.ORG Subject: Re: X security (was Re: X and SSH) Message-ID: <Pine.BSF.3.96.990706070421.296E-100000@fledge.watson.org> In-Reply-To: <Pine.SO4.4.05.9906261604430.24379-100000@nenya>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 26 Jun 1999, Vladimir Mencl, MK, susSED wrote: > On Sat, 26 Jun 1999, Robert Watson wrote: > > ... > > > > > I personally like to run incoming tunneled X sessions from under-trusted > > hosts in Xnest, but maybe that's just me... :-) > > > Does it give more security? My belief is yes: suppose you slogin into an untrusted host where you want to run an X application. Having the ssh session point to an Xnest would prevent a remote user with privilege capable of reading your .Xauthority file from grabbing shots of your screen, etc. As I frequently log into a variety of hosts at a variety of institutions, most of which are most likely not mutually trusting, and I have privileged access to a number of their machines, I'd rather not have one compromised as the result of another being compromised. An X display is an excellent way to spread suffering, and Xnest seems like a decent answer to the problem, as it isolates applications. I posted this in bugtraq a few years ago, and someone responded that isolation of applications on the X display was supposed to go into a future version of X (broadway?) but I never heard anything further. I have not inspected Xnest source, so it might be worth doing sometime. My suspicion is it actually renders the virtual display as a bitmap. Probably a better alternative would be to write an X proxy that speaks the X protocol and prevents unfortunate things from happening (grabs, xinput capture, etc?), perhaps one that spoke to a window manager with security extensions to allow you to take advantage of knowledge of window behavior. Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Computing Laboratory at Cambridge University Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.990706070421.296E-100000>