Security: Absolute Client vetting or trust a remote root?
Mike Mestnik
cheako+xorg-devel at mikemestnik.net
Thu Jun 7 05:03:25 PDT 2012
Hello,
I just got done slamming, perhaps as a troll, a lwn.net article. I
may have gone too far and I don't believe you can go to far when it
comes to security. I'm not the type to give up, you've attached with a
keylogger to my X... Well now your keylogger is attached to my
sub-server and I'm going send you about a dozen fortunes, then I'll try
and backhack some arbitrary code your way. Get off my server or the
hunter will become the hunted.
What bothers me the most is that I'm finding out about this by reading a
news article. When did X developers stop caring about clients after
they had connected? I don't believe that malicious clients can never
connect to an X server or that it would be "absolutely" possible to
prevent malicious clients from connecting. So why is it that Security
in X has fallen to this level, if it has and this article basically
admits that it has or will? When did this change occur and why wasn't I
told?
I hope that at least a handful of you are at least mildly concerned that
X might become an open playground for keyloggers and other malicious
software once a client connection has been authenticated. Is it really
then intention of the X community to forgo any security post client
authentication? I hope you can at least understand where I'm coming
from, to have to find out about this in a news article not related to a
change in security.
In shore, I believe that an ounce of prevention is worth a pound of
cure. Users should fill that ounce with there bets effort to try and
keep malicious clients off the X server. I don't believe that's enough,
there has to be a cure for when this fails. A great offense that when
combined with the Users defense forms a complete team that's not only
the best, but unbeatable. I know that if keyloggers are prevented from
reading anything useful that there won't be any keyloagers that break
past X's authentication security. However I also know that if there is
something to be gained from forging an xauth, that hackers will be
tempted and eventually success in penetrating the outer defense.
Another related issue is that if it is indeed the case where an
authenticated client might have free reign into all user input(where
multi-touch devices are open regardless of the keyboard-focus-lock).
This IMHO would disable(or at least render so insecure it's unthinkable)
the feature of X that allows for remote clients. I don't think a remote
root should ever be trusted, even if that is you. The simple matter is
that a remote box could have been powned.
http://lwn.net/Articles/485484/
Please join my cause to keep xinput secure, even when malicious clients
are connected. Actually I'd be looking for some one with more political
savvy then myself, I know that I'm actually the worst person you want
speaking on your behalf.
Please read some of my comments on the lwn.net forum, I stand by what
I've said.
Thank you.
More information about the xorg-devel
mailing list