Security: Absolute Client vetting or trust a remote root?
peter.hutterer at who-t.net
Thu Jun 7 19:07:34 PDT 2012
On Thu, Jun 07, 2012 at 07:03:25AM -0500, Mike Mestnik wrote:
> I just got done slamming, perhaps as a troll, a lwn.net article. I
> may have gone too far and I don't believe you can go too far when it
> comes to security. I'm not the type to give up, you've attached with a
> keylogger to my X... Well now your keylogger is attached to my
> sub-server and I'm going to send you about a dozen fortunes, then I'll try
> and backhack some arbitrary code your way. Get off my server or the
> hunter will become the hunted.
> What bothers me the most is that I'm finding out about this by reading a
> news article. When did X developers stop caring about clients after
> they had connected? I don't believe that malicious clients can never
> connect to an X server or that it would be "absolutely" possible to
> prevent malicious clients from connecting. So why is it that Security
> in X has fallen to this level, if it has and this article basically
> admits that it has or will? When did this change occur and why wasn't I
> I hope that at least a handful of you are at least mildly concerned that
> X might become an open playground for keyloggers and other malicious
> software once a client connection has been authenticated. Is it really
> the intention of the X community to forgo any security post client
> authentication? I hope you can at least understand where I'm coming
> from, to have to find out about this in a news article not related to a
> change in security.
> In short, I believe that an ounce of prevention is worth a pound of
> cure. Users should fill that ounce with their best effort to try and
> keep malicious clients off the X server. I don't believe that's enough,
> there has to be a cure for when this fails. A great offense that when
> combined with the User's defense forms a complete team that's not only
> the best, but unbeatable. I know that if keyloggers are prevented from
> reading anything useful that there won't be any keyloggers that break
> past X's authentication security. However I also know that if there is
> something to be gained from forging an xauth, that hackers will be
> tempted and eventually succeed in penetrating the outer defense.
> Another related issue is that if it is indeed the case where an
> authenticated client might have free rein into all user input (where
> multi-touch devices are open regardless of the keyboard-focus-lock).
the "keyboard focus lock" doesn't work as you think it does. short story:
there isn't really any, a malicious app can get around it and this has been
the case since approx 1994.
> This IMHO would disable (or at least render so insecure it's unthinkable)
> the feature of X that allows for remote clients. I don't think a remote
> root should ever be trusted, even if that is you. The simple matter is
> that a remote box could have been powned.
> Please join my cause to keep xinput secure, even when malicious clients
> are connected. Actually I'd be looking for someone with more political
> savvy than myself, I know that I'm actually the worst person you want
> speaking on your behalf.
> Please read some of my comments on the lwn.net forum, I stand by what
> I've said.