Date: 30 Aug 2000 12:35:48 +0200 From: joda@pdc.kth.se (Johan Danielsson) To: cjclark@alum.mit.edu Cc: freebsd-security@FreeBSD.ORG Subject: Re: Disabling xhost(1) Access Control Message-ID: <xof8ztfm3y3.fsf@blubb.pdc.kth.se> In-Reply-To: "Crist J . Clark"'s message of "Tue, 29 Aug 2000 23:44:51 -0700" References: <20000829234451.G62475@149.211.6.64.reflexcom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
"Crist J . Clark" <cjclark@reflexnet.net> writes: > Is there such a way to do this (aside 'rm /usr/bin/xhost' and > setting all user writable filesystems noexec)? Not without recompiling the Xserver. If you want to do that there are at least two places you have to change the behaviour in programs/Xserver/os/access.c: * for the `xhost +' case change ChangeAccessControl(), to only succeed for the enable case (paranoid people use `xhost -' routinely). * for `xhost +host' change AddHost() to your liking (ifdef out FamilyInternet). I don't know if the FreeBSD xsrc tree differs from what I have, but I don't think so. /Johan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xof8ztfm3y3.fsf>