[PATCH] os: Delete the XDM client when a connection is closed.

Keith Packard keithp at keithp.com
Mon Oct 18 12:48:49 PDT 2010


On Mon, 18 Oct 2010 18:25:48 +0200, Michał Górny <mgorny at gentoo.org> wrote:
> This patch introduces a concept of ClientPtr tracking in the xdm auth
> code. It makes sure that the xdm authentication data for a particular
> client is removed immediately when the client disconnects, making the
> semi-random client identifier reusable.

The point of the client identifier is to avoid replay attacks, which
requires that all clients provide some unique information in their
key. If you want to avoid this particular issue, you'd need to fix Xlib
to send something other than the PID as the unique value.

-- 
keith.packard at intel.com
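
An added illustration, not part of the original message and not the X server's own code: a simplified model of the replay protection discussed above. It shows that a server which drops a client's (identifier, timestamp) record on disconnect accepts the same authenticator again while it is still inside the validity window. The struct layout, the `WINDOW` value and all function names are assumptions, and encryption of the authenticator is omitted.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define WINDOW 1200 /* seconds an authenticator stays valid (assumed value) */
#define SLOTS  16   /* size of the replay cache (assumed value) */

struct seen { unsigned char id[6]; long t; int used; };

/* Accept an authenticator only if it is fresh and was never seen before. */
static int validate(struct seen *c, const unsigned char id[6], long t, long now)
{
    int i, free_slot = -1;
    if (labs(now - t) > WINDOW)
        return 0;                          /* stale: outside the window */
    for (i = 0; i < SLOTS; i++) {
        if (!c[i].used) { if (free_slot < 0) free_slot = i; continue; }
        if (c[i].t == t && memcmp(c[i].id, id, 6) == 0)
            return 0;                      /* same (id, time) seen: replay */
    }
    if (free_slot < 0)
        return 0;                          /* fail closed when cache is full */
    memcpy(c[free_slot].id, id, 6);
    c[free_slot].t = t;
    c[free_slot].used = 1;
    return 1;
}

/* Models deleting the record as soon as the client disconnects. */
static void forget(struct seen *c, const unsigned char id[6], long t)
{
    int i;
    for (i = 0; i < SLOTS; i++)
        if (c[i].used && c[i].t == t && memcmp(c[i].id, id, 6) == 0)
            c[i].used = 0;
}

/* Returns 1 if a copy of an already-used authenticator is accepted again. */
static int replay_accepted(int delete_on_close)
{
    struct seen cache[SLOTS];
    const unsigned char id[6] = {0, 0, 0, 0, 0x12, 0x34}; /* constructed id */
    memset(cache, 0, sizeof cache);
    if (!validate(cache, id, 1000, 1000)) return -1; /* first connection */
    if (delete_on_close) forget(cache, id, 1000);    /* client disconnects */
    return validate(cache, id, 1000, 1005);          /* same bytes again */
}

int main(void) { printf("keep=%d delete=%d\n", replay_accepted(0), replay_accepted(1)); return 0; }
```

With the record kept until it ages out, the second presentation is rejected; with deletion on close, it is accepted, which is why reuse of an identifier has to come from the client sending a distinct value rather than from the server forgetting the old one.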

More information about the xorg-devel mailing list