Security: Absolute Client vetting or trust a remote root?
cheako+xorg-devel at mikemestnik.net
Thu Jun 7 18:52:24 PDT 2012
On 06/07/12 08:15, Michal Suchanek wrote:
> There has never been any security in the X protocol beyond the
> connection authentication.
I'm referring to the XGrabKeyboard() call and yes X has many other
layers of security that I feel are worth mentioning. For example OpenGL
applications are forbidden from accessing all of system memory via GPU
DMA. To consider that there is no security is a little narrow-minded,
there is *plenty of security. The issue I'm reporting is that of what
*little security there is, it's being chipped away under the flag of
"There is not as much security as there should be, so a little less
security is not a problem." I'm saying this is a huge problem to remove
security in an area that clearly doesn't have enough security... not the
other way around.
* The amount of security is only perhaps a fraction of what it should
be, but there is still a lot of it.
> You have not been told it was removed because it has not, there has never been.
> There is some stuff in place that discriminates "remote" and "local"
> clients and forbids "remote" clients doing some stuff but that's it.
> The reason is simple. The fact that the client *can* connect locally
> means that it runs on your local machine and has permission to access
> a secret that is presumably specific to your account (the current
> authentication scheme is somewhat weak by today standard but the
> protocol is extensible to encompass new schemes yet nobody cared
> enough to add something better).
> Given that X was developed and runs on POSIX systems that have no
> process security whatsoever then a process that can access one of your
> files (the secret) can access all of your other files and processes
> and would have no reason to attack through X while it can do the same
More information about the xorg-devel