Subject: xsrc/20015: startx script passes cookie on command line
To: None <gnats-bugs@gnats.netbsd.org>
From: Christian Biere <christianbiere@gmx.de>
List: netbsd-bugs
Date: 01/23/2003 19:05:53
	Note: There was a bad value `medium' for the field `>Severity:'.
	It was set to the default value of `serious'.

	Note: There was a bad value `serious' for the field `>Priority:'.
	It was set to the default value of `medium'.


>Number:         20015
>Category:       xsrc
>Synopsis:       startx script passes cookie on command line
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    xsrc-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Thu Jan 23 10:07:00 PST 2003
>Closed-Date:
>Last-Modified:
>Originator:     Christian Biere
>Release:        NetBSD 1.6K
>Organization:
>Environment:

>Description:

The default startx script contains the following line:
xauth add $displayname . $mcookie

This is a problem because any local user can see the cookie with ps.
Although it might not be very easy to catch the right moment, it's still
possible for anyone with enough effort (and time).

>How-To-Repeat:

Put a machine under high load and run ps with appropriate arguments in a
greedy loop. Some kind of social engineering might be helpful to find
out the moment startx is normally used.

>Fix:

xauth <<EOF
add $displayname . $mcookie
EOF

>Release-Note:
>Audit-Trail:
>Unformatted:
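
Added example, not part of the original report or of NetBSD's startx: a check that contrasts the two invocation styles above by reading a child's argument vector the way ps does. It assumes a stand-in shell in place of xauth, and the cookie and the display name :0 are constructed sample values.

```shell
#!/bin/sh
# Constructed sample value standing in for $mcookie; not a real cookie.
cookie="constructed-sample-cookie-0123456789"

# Print the argument vector of PID $1 as any local user can read it.
proc_args() {
    if [ -r "/proc/$1/cmdline" ]; then
        tr '\0' ' ' < "/proc/$1/cmdline"
    else
        ps -ww -o args= -p "$1"
    fi
}

# Start a stand-in for xauth (a shell that stays alive for two seconds) and
# hand it the cookie as arguments ($1 = argv) or on standard input
# ($1 = stdin). The trailing ':' stops the shell from exec'ing sleep, which
# would replace the argument vector being examined.
start_standin() {
    case $1 in
    argv)  sh -c 'sleep 2; :' xauth-standin add :0 . "$cookie" & ;;
    stdin) sh -c 'cat >/dev/null; sleep 2; :' xauth-standin <<EOF &
add :0 . $cookie
EOF
           ;;
    esac
    standin_pid=$!
}

# Exit status 0 if the cookie can be read from the stand-in's arguments.
cookie_exposed() {
    start_standin "$1"
    sleep 1                          # let the child exec before sampling
    args=$(proc_args "$standin_pid") || :
    wait "$standin_pid" || :
    case $args in
    *"$cookie"*) return 0 ;;
    *)           return 1 ;;
    esac
}

if cookie_exposed argv;  then result_argv=visible;  else result_argv=hidden;  fi
if cookie_exposed stdin; then result_stdin=visible; else result_stdin=hidden; fi
echo "cookie as argument:       $result_argv in process list"
echo "cookie via here-document: $result_stdin in process list"
```

The here-document is expanded inside the calling shell and reaches the child only on its standard input, so the value never enters any process's argument vector.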