From owner-freebsd-security Thu Mar 6 22:44:55 1997
Date: Fri, 7 Mar 1997 08:44:01 +0200 (EET)
From: Seppo Kallio
To: freebsd-security@freebsd.org
Subject: XFree86 + startx
In-Reply-To: <331ED3ED.4950@fasts.com>

Is this a known bug/feature:

We have some FreeBSD + Linux workstations running FreeBSD 2.2 and Linux RedHat 4.1. I think both have the same security problem in XFree:

First, assume one logs in on the console of the workstation in ASCII mode (not using xdm) and then starts X by giving the startx command.

Second, after that someone makes a remote login (telnet or rlogin) to the same workstation.

Now the last one can use the screen as he/she likes by defining

    setenv DISPLAY nodename:0.0

(or maybe even setenv DISPLAY :0.0). The user can spy on all keystrokes, see the full screen etc. If the first user types passwords etc., the second can see them.

We have corrected this by adding X authorization to the startx script:

1. about at line #23:

    serverargs="-auth $HOME/.Xauthority"

   (was serverargs="")

2. add before xinit start:

    xauth add :0 . `mcookie`
    xauth add `hostname`:0 . `mcookie`

(3. xinit can be started using exec)

Seppo Kallio                      kallio@cc.jyu.fi
Computing Center                  Fax +358-14-603611
U of Jyväskylä                    62.14N 25.44E
PL 35, 40351 Jyväskylä, Finland   http://www.jyu.fi/~kallio
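
A check for the condition described in the message above, added here as an example and not part of the original post: it reads a process listing and reports the PIDs of X servers started without "-auth <file>". The function names, the list of X server binary names, and the sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag X servers that were started without "-auth <file>".
# Input: one process per line, "PID COMMAND ARGS...", for example from
# `ps -axo pid,args` on FreeBSD or `ps -eo pid,args` on Linux.

find_unauthenticated_x() {
    awk '
    {
        # Basename of the executable (second field).
        n = split($2, parts, "/")
        cmd = parts[n]
        # Assumed X server binary names: X, Xorg, XFree86, XF86_* (e.g. XF86_SVGA).
        if (cmd !~ /^(X|Xorg|XFree86|XF86_[A-Za-z0-9_]+)$/) next
        has_auth = 0
        # "-auth" only counts when a file name follows it, hence i < NF.
        for (i = 3; i < NF; i++)
            if ($i == "-auth") has_auth = 1
        if (!has_auth) print $1
    }'
}

# Constructed sample listing (not real output).
sample_ps() {
    cat <<'EOF'
  PID COMMAND
  201 /usr/X11R6/bin/X :0
  305 /usr/X11R6/bin/XF86_SVGA :1 -auth /home/alice/.Xauthority
  412 xinit /home/bob/.xinitrc -- /usr/X11R6/bin/X :0
  518 /usr/bin/Xorg :2 -nolisten tcp -auth
EOF
}

# Stand-alone run over the constructed sample; prints the flagged PIDs.
sample_ps | find_unauthenticated_x
```

PID 412 is the xinit wrapper rather than a server, so it is skipped; PID 518 is flagged because "-auth" has no file argument.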