Re: X-windows security in Gnome

[<Jim Gettys hp com>]

Brian,

Yes, if you do "xhost +", you are completely disabling any access control
to your X server, and I've got you.  You are entirely correct.  X was
designed in the bad old days when the US Government made it impossible
to deal with crypto; ironically, I shared an office with Steve Miller,
one of the original authors of kerberos.  We did put enough hooks
in to allow for later addition of other than host based authentication.

One response is "don't do that"; but that is a bit of a cop-out, IMHO.

One thing that should be done would be to at least put a warning into 
the xhost program to inform the great unwashed masses that they probably 
don't want to do that....  Certainly Gnome's control panel should strongly 
warn against such usage, and the command line xhost program should warn 
strongly against doing this these days.  Sending a trival patch to xhost 
XFree86's way to make such a warning is probably appropriate.There are 
times that you really do need to remove all access control for various 
reasons, so removing the capability entirely is not viable.

There is also Kerb5 support in the source pool for X; I don't think people
always build it.

As far as the security stuff you reference, that was designed for
compartmented mode workstations (you may remember that U.S. government
fantasy that many of the UNIX vendors chased for a while: e.g. the "RedBook").
I'm skeptical of its value.  

But stronger authentication of connections is a "good thing"; so I'd
recommend going the Kerberos 5 route; and it may be that the stuff
you reference helps there (I haven't looked at it carefully; it happened
during an era I didn't pay much attention to X).  MIT-MAGIC-COOKIE is
pretty lame, only a step or two up from no authentication at all.
				- Jim

--
Jim Gettys
Cambridge Research Laboratory
HP Labs, Hewlett-Packard Company
Jim Gettys hp com