From: "A. Rakukin"
To: "tom brown"
Cc: freebsd-questions@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re[2]: X authorization
In-Reply-To: <38B5EAC2.5063CC6@cgf.net>
Date: Sat, 26 Feb 2000 16:18:36 +0300

-----Original Message-----
From: tom brown
To: "A. Rakukin"
Date: Thu, 24 Feb 2000 18:36:50 -0800
Subject: Re: X authorization

> "A. Rakukin" wrote:
>
> > Hi to all,
> >
> > Would be grateful for help or explanation. I used to think that by default
> > nobody can run anything on my display. But now I revealed that it is enough
> > to export DISPLAY on a remote host to access my xserver. 'xhost' on the server
> > (that has been accessed) says that
> >
> > access control enabled, only authorized clients can connect
> >
> > and nothing more. What is the possible source of the problem?
> > I have not customized any authorization mechanisms...
> > I run FreeBSD 3.4.
> >
> > Thank you,
> > Alex
>
> If you are really bothered by this you could apply IPFW filters to ports between
> 6000-6100 to prevent any connection to the X system.
>
> I think that there is also a Kerberos token based scheme of authentication.
> I've never used it but details are at:
> http://www.xfree86.org
>
> If you want to know more about the vulnerabilities of X:
> http://packetstorm.securify.com/opensec-exploits/exploits/netapps/x-win/
>
> Tom
>
> Tom

Thank you for the links! But I think unauthorized access must be disabled earlier. I would not like to install any filters and also Kerberos, just to make the system work as it should...

Thanks,
Alex