Security: Absolute Client vetting or trust a remote root?

Mike Mestnik cheako+xorg-devel at mikemestnik.net
Thu Jun 7 05:12:13 PDT 2012


Forgot the action item.  Along with reading about what's up and the
various positions, form your own opinion.  I'm not saying you should be
in one camp or the other or that you even have to pick one side... ever.
 Just that you have an idea about what you think.

As a proposed 'quick fix' with any luck identifying what code this
affects will be easy.  The fix is to disable this code whenever a TCP
client is connected.  That should be enough to solve my immediate
concerns.  Replacement code will need to be written, but it doesn't have
to have all the features to begin with and I understand that X is an
ever moving forward campaign in that once something is included it's
always included.  However for security reasons it may be prudent to
remove some of these things in some situations.

Thank you again.

On 06/07/12 07:03, Mike Mestnik wrote:
> Hello,
>   I just got done slamming, perhaps as a troll, a lwn.net article.  I
> may have gone too far and I don't believe you can go too far when it
> comes to security.  I'm not the type to give up, you've attached with a
> keylogger to my X...  Well now your keylogger is attached to my
> sub-server and I'm going to send you about a dozen fortunes, then I'll try
> and backhack some arbitrary code your way.  Get off my server or the
> hunter will become the hunted.
> 
> What bothers me the most is that I'm finding out about this by reading a
> news article.  When did X developers stop caring about clients after
> they had connected?  I don't believe that malicious clients can never
> connect to an X server or that it would be "absolutely" possible to
> prevent malicious clients from connecting.  So why is it that Security
> in X has fallen to this level, if it has and this article basically
> admits that it has or will?  When did this change occur and why wasn't I
> told?
> 
> I hope that at least a handful of you are at least mildly concerned that
> X might become an open playground for keyloggers and other malicious
> software once a client connection has been authenticated.  Is it really
> the intention of the X community to forgo any security post client
> authentication?  I hope you can at least understand where I'm coming
> from, to have to find out about this in a news article not related to a
> change in security.
> 
> In short, I believe that an ounce of prevention is worth a pound of
> cure.  Users should fill that ounce with their best effort to try and
> keep malicious clients off the X server.  I don't believe that's enough,
> there has to be a cure for when this fails.  A great offense that when
> combined with the Users defense forms a complete team that's not only
> the best, but unbeatable.  I know that if keyloggers are prevented from
> reading anything useful that there won't be any keyloggers that break
> past X's authentication security.  However I also know that if there is
> something to be gained from forging an xauth, that hackers will be
> tempted and eventually succeed in penetrating the outer defense.
> 
> Another related issue is that if it is indeed the case where an
> authenticated client might have free rein into all user input (where
> multi-touch devices are open regardless of the keyboard-focus-lock).
> This IMHO would disable (or at least render so insecure it's unthinkable)
> the feature of X that allows for remote clients.  I don't think a remote
> root should ever be trusted, even if that is you.  The simple matter is
> that a remote box could have been powned.
> 
> http://lwn.net/Articles/485484/
> 
> Please join my cause to keep xinput secure, even when malicious clients
> are connected.  Actually I'd be looking for someone with more political
> savvy than myself, I know that I'm actually the worst person you want
> speaking on your behalf.
> 
> Please read some of my comments on the lwn.net forum, I stand by what
> I've said.
> 
> Thank you.


