IETF-SSH archive


Re: New Proposal for Section 11.3.3 X11 Forwarding



I take issue with this comment.  X11 forwarding helps fix exactly those
problems that Wietse Venema describes, particularly if:

a) the X11 server does not accept connections except over local IPC
   mechanisms that are protected by ACLs or file permissions (e.g., Unix
   domain sockets),

and

b) (a) applies to the SSHv2 server pseudo-X11 server used in X11
   forwarding.

Given (a) and (b), those magic cookies add no value and their weakness is
irrelevant.  Xsun, for example, can be configured not to listen for
display opens over TCP.

Cheers,

Nico

On Wed, May 14, 2003 at 01:27:01PM -0700, Chris Lonvick wrote:
> ---Ran---vv
> It turns out that the X11 cookie security has significant issues.
> 
> A good reference for folks here to read might be:
>         Wietse Venema, "Murphy's Law and Computer Security", Proceedings
>         of 6th USENIX Security Symposium, San Jose, CA, July 1996.
> 
> It is likely that the above paper can be downloaded from USENIX,
> http://www.usenix.org.  I don't know the correct URL for that
> paper, so one would have to browse to find it.
> 
> Also, if we reach back to 1997, there were other issues identified:
>         http://lists.insecure.org/lists/bugtraq/1997/Sep/0062.html
> 
> I'm not comfortable with the current text on X11, though I'm
> only one person...
> ---Ran---^^
> 
> 
> 
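
Conditions (a) and (b) in the message above can be audited on a host. The Python below is an added example, not part of the original message or of any X or SSH implementation; the function names, the temporary directories and the socket name `X0` are constructed for the demonstration. It assumes the conventional TCP port 6000+N for display :N, and Linux behaviour where connecting to a pathname socket needs write permission on the socket file (some systems ignore that mode, so directory permissions are the portable control).

```python
import os, socket, stat, tempfile

X11_TCP_BASE = 6000  # display :N uses TCP port 6000+N when TCP listening is on

def tcp_display_open(display, host="127.0.0.1", base=X11_TCP_BASE):
    """True if something accepts TCP connections for X display :N on host."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(1.0)
        return s.connect_ex((host, base + display)) == 0

def audit_unix_endpoint(path):
    """Return findings for a Unix-domain socket; an empty list means that
    group/other cannot reach it through the containing directory."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        return ["not a Unix domain socket"]
    parent = os.stat(os.path.dirname(path) or ".")
    # Portable control: no directory search permission for group/other.
    dir_open = parent.st_mode & (stat.S_IXGRP | stat.S_IXOTH)
    # Linux-specific control: connect() needs write permission on the socket.
    sock_open = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
    if dir_open and sock_open:
        return ["other local users can connect"]
    if dir_open:
        return ["protected only by socket file mode (ignored on some systems)"]
    return []

def demo():
    """Build three constructed endpoints and audit each one."""
    results = {}
    with tempfile.TemporaryDirectory() as top:
        for name, dmode, smode in (("private", 0o700, 0o600),
                                   ("file-only", 0o755, 0o600),
                                   ("open", 0o755, 0o666)):
            d = os.path.join(top, name)
            os.mkdir(d)
            path = os.path.join(d, "X0")  # constructed stand-in for a display socket
            with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as srv:
                srv.bind(path)
                os.chmod(path, smode)
                os.chmod(d, dmode)
                results[name] = audit_unix_endpoint(path)
    return results

if __name__ == "__main__":
    for case, findings in demo().items():
        print(case, findings or ["owner-only"])
```

The same two checks apply to the forwarding endpoint that the SSH server creates, which is condition (b).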


