Date: Thu, 16 Apr 2009 15:51:07 -0700 From: Chris Palmer <chris@isecpartners.com> To: "ewalsh@tycho.nsa.gov" <ewalsh@tycho.nsa.gov>, "x11@freebsd.org" <x11@freebsd.org> Subject: X SECURITY extension gone in latest Xorg; XACE not working? Message-ID: <7E3B942D6F9AE64EA28CE80B7283C1EC212C0D872C@exch01.isecpartners.com>
next in thread | raw e-mail | index | archive | help
Hello, With a recent build of FreeBSD ports (I am on FreeBSD 7), the X SECURITY ex= tension is nonexistent, and its functionality is missing. For example, "ssh= -X" is equivalent to "ssh -Y", "xauth -f foo generate :0.0 . untrusted" do= esn't work, and so on. I am developing a program (http://code.google.com/p/= isolate) that depends on being able to put X clients in the "untrusted" gro= up. I dimly understand that XACE is supposed to replace the old SECURITY ex= tension with new and more exciting (but compatible) behavior, but currently= , I get no joy either way. On OpenBSD 4.4 and Ubuntu 8.10, SECURITY still works; I assume it's because= their builds are old enough to not have whatever recent changes were made. In the configure script for the xorg-server port, I found an option to re-e= nable SECURITY, and it appears to mostly work. But normal people are not go= ing to do that, and so won't get the security features of the extension. Any clues, explanations of how I'm missing something, et c., greatly apprec= iated. Thanks! --=20 Chris Palmer, iSEC Partners (415) 235 2888
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7E3B942D6F9AE64EA28CE80B7283C1EC212C0D872C>