Date: Sat, 26 Feb 2000 16:18:36 +0300
From: "A. Rakukin" <rakukin@mail.ru>
To: "tom brown" <tomb@cgf.net>
Cc: freebsd-questions@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re[2]: X authorization
Message-ID: <E12Oh7E-000CVz-00@f4.mail.ru>
In-Reply-To: <38B5EAC2.5063CC6@cgf.net>

-----Original Message-----
From: tom brown <tomb@cgf.net>
To: "A. Rakukin" <rakukin@mail.ru>
Date: Thu, 24 Feb 2000 18:36:50 -0800
Subject: Re: X authorization

> "A. Rakukin" wrote:
>
> > Hi to all,
> >
> > Would be grateful for help or explanation. I used to think that by default
> > nobody can run anything on my display. But now I revealed that it is enough
> > to export DISPLAY on remote host to access my xserver. 'xhost' on the server
> > (that has been accessed) says that
> >
> > access control enabled, only authorized clients can connect
> >
> > and nothing more. What is the possible source of the problem?
> > I have not customized any authorization mechanisms...
> > I run FreeBSD 3.4.
> >
> > Thank you,
> > Alex
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
>
> If you are really bothered by this you could apply IPFW filters to ports between
> 6000-6100 to prevent any connection to the X system.
>
> I think that there is also a kerberos token based scheme of authentication.
> I've never used it but details are at:
> http://www.xfree86.org
>
> If you want to know more about the vulnerabilities of X:
> http://packetstorm.securify.com/opensec-exploits/exploits/netapps/x-win/
>
> Tom

Thank you for links! But I think unauthorized access must be disabled earlier.
I would not like to install any filters and also kerberos, just to make system
work as it should...

Thanks,
Alex

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message