Date: Mon, 14 Sep 1998 14:49:35 +1000
From: Peter Jeremy <peter.jeremy@auss2.alcatel.com.au>
To: freebsd-security@FreeBSD.ORG
Subject: Re: X-security
Message-ID: <98Sep14.144916est.40329@border.alcanet.com.au>

Wes Peters <wes@softweyr.com> wrote:
> By default, XFree86 uses "MIT MAGIC COOKIE" authentication;
> when the server starts it creates a .Xauthority file in
> your home directory. Anyone who can read this file will still be
> able to connect to your X server

Note that the authentication tokens are not encrypted on the network.
Anyone who can sniff the network will also be able to connect to your
X-server.

If you're worried about someone stealing your authentication token,
you'll need to use something like XDM-AUTHORIZATION-1 (*), SUN-DES-1 (**)
or ssh.

> # export XAUTHORITY=~wes/.Xauthority
> # xdpyinfo

I find this very useful for running X-sessions after I su.

(*) XDM-AUTHORIZATION-1 uses DES and is not compiled into the standard
version of XFree. Suitable versions of WrapHelp.c are available
from outside the US for people wanting to use it.

(**) I don't believe this is supported by anyone except Sun.

Peter
--
Peter Jeremy (VK2PJ) peter.jeremy@alcatel.com.au
Alcatel Australia Limited
41 Mandible St Phone: +61 2 9690 5019
ALEXANDRIA NSW 2015 Fax: +61 2 9690 5247
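
An added example (not part of the message above, and not XFree86 code): a Python audit of an .Xauthority file for the two exposures raised in this thread, a file that other users can access and MIT-MAGIC-COOKIE-1 entries for displays reached over TCP. It assumes the standard Xauthority record layout and that non-Local entries are used over the network; the function names and `SAMPLE` are illustrative, and the sample entries are constructed with dummy keys.

```python
import os
import struct

# Address family codes from the .Xauthority file format (X11/Xauth.h).
FAMILIES = {0: "Internet", 6: "Internet6", 256: "Local", 65535: "Wild"}

def _u16(blob, pos):
    if pos + 2 > len(blob):
        raise ValueError("truncated entry")
    return struct.unpack_from(">H", blob, pos)[0], pos + 2

def parse_xauthority(blob):
    """Return (family, display, protocol, key_length) for every entry."""
    entries, pos = [], 0
    while pos < len(blob):
        family, pos = _u16(blob, pos)
        fields = []
        for _ in range(4):  # address, display number, protocol name, key
            n, pos = _u16(blob, pos)  # each field: 2-byte length, then bytes
            if pos + n > len(blob):
                raise ValueError("truncated entry")
            fields.append(blob[pos:pos + n])
            pos += n
        _address, display, proto, key = fields
        # Keep only the key length; the cookie itself is never stored.
        entries.append((FAMILIES.get(family, str(family)), display.decode("ascii", "replace"),
                        proto.decode("ascii", "replace"), len(key)))
    return entries

def audit(path):
    """Report the two exposures discussed in the thread for one file."""
    findings = []
    mode = os.stat(path).st_mode & 0o777
    if mode & 0o077:
        findings.append("mode %04o: group/other permission bits are set" % mode)
    with open(path, "rb") as fh:
        for family, display, proto, _ in parse_xauthority(fh.read()):
            # Assumption: a non-Local entry is for a display reached over TCP.
            if proto == "MIT-MAGIC-COOKIE-1" and family != "Local":
                findings.append("display :%s (%s): cookie sent in clear" % (display, family))
    return findings

# Constructed sample data (all-zero dummy keys): one TCP entry, one Local entry.
def make_entry(family, address, display, proto, key):
    fields = (address, display, proto, key)
    return struct.pack(">H", family) + b"".join(struct.pack(">H", len(f)) + f for f in fields)
SAMPLE = (make_entry(0, bytes([192, 0, 2, 10]), b"0", b"MIT-MAGIC-COOKIE-1", bytes(16))
          + make_entry(256, b"host", b"0", b"MIT-MAGIC-COOKIE-1", bytes(16)))
if __name__ == "__main__":
    print(parse_xauthority(SAMPLE))
```

To check a real file, call `audit()` on the path in `$XAUTHORITY` (or `~/.Xauthority`); an empty list means neither condition was found.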
