From owner-freebsd-security Tue Jul 6 4:10: 6 1999 Delivered-To: freebsd-security@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 8440E153D7 for ; Tue, 6 Jul 1999 04:09:51 -0700 (PDT) (envelope-from robert@cyrus.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.8.8/8.8.8) with SMTP id HAA05180; Tue, 6 Jul 1999 07:09:43 -0400 (EDT) (envelope-from robert@cyrus.watson.org) Date: Tue, 6 Jul 1999 07:09:43 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org Reply-To: Robert Watson To: "Vladimir Mencl, MK, susSED" Cc: security@FreeBSD.ORG Subject: Re: X security (was Re: X and SSH) In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, 26 Jun 1999, Vladimir Mencl, MK, susSED wrote: > On Sat, 26 Jun 1999, Robert Watson wrote: > > ... > > > > > I personally like to run incoming tunneled X sessions from under-trusted > > hosts in Xnest, but maybe that's just me... :-) > > > Does it give more security? My belief is yes: suppose you slogin into an untrusted host where you want to run an X application. Having the ssh session point to an Xnest would prevent a remote user with privilege capable of reading your .Xauthority file from grabbing shots of your screen, etc. As I frequently log into a variety of hosts at a variety of institutions, most of which are most likely not mutually trusting, and I have privileged access to a number of their machines, I'd rather not have one compromised as the result of another being compromised. An X display is an excellent way to spread suffering, and Xnest seems like a decent answer to the problem, as it isolates applications. I posted this in bugtraq a few years ago, and someone responded that isolation of applications on the X display was supposed to go into a future version of X (broadway?) but I never heard anything further. I have not inspected Xnest source, so it might be worth doing sometime. My suspicion is it actually renders the virtual display as a bitmap. Probably a better alternative would be to write an X proxy that speaks the X protocol and prevents unfortunate things from happening (grabs, xinput capture, etc?), perhaps one that spoke to a window manager with security extensions to allow you to take advantage of knowledge of window behavior. Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Computing Laboratory at Cambridge University Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message