Subject: Re: magic cookie security problem
To: None <tech-x11@netbsd.org>
From: Matthias Scheler <tron@zhadum.de>
List: tech-x11
Date: 03/14/2002 14:55:01
ming deng <mingd@oeone.com> wrote:
> If I send my Xauth magic cookie to other person to grant him to access
> to my desktop, then after sometime I have to revoke that access right
> from him after he has done his work on my desktop. How can I do it?
1.) You build a SSH connection to your local machine with X11 forwarding
enable.
2.) You use "xauth list $DISPLAY" to get the new cookie (created by SSH) and
the new display name and give them to other person.
3.) When she or he has finished her or his work you close the SSH
connection which invalidates the key and makes your display
safe again.
There might be a hole in this concept so you better think about a little
bit. One thing you definitely want to do is to use "xhost" afterwards
to see if access control was weakened.
Kind regards
--
Matthias Scheler http://scheler.de/~matthias/