tech-x11: Re: magic cookie security problem

Subject: Re: magic cookie security problem
To: None <tech-x11@netbsd.org>
From: Matthias Scheler <tron@zhadum.de>
List: tech-x11
Date: 03/14/2002 14:55:01

ming deng <mingd@oeone.com> wrote:
> If I send my Xauth magic cookie to other person to grant him to access 
> to my desktop, then after sometime I have to revoke that access right 
> from him after he has done his work on my desktop. How can I do it?

1.) You build a SSH connection to your local machine with X11 forwarding
    enable.

2.) You use "xauth list $DISPLAY" to get the new cookie (created by SSH) and
    the new display name and give them to other person.

3.) When she or he has finished her or his work you close the SSH
    connection which invalidates the key and makes your display
    safe again.

There might be a hole in this concept so you better think about a little
bit. One thing you definitely want to do is to use "xhost" afterwards
to see if access control was weakened.

	Kind regards

-- 
Matthias Scheler                                  http://scheler.de/~matthias/