Security: Absolute Client vetting or trust a remote root?

Mike Mestnik cheako+xorg-devel at mikemestnik.net
Thu Jun 7 19:33:33 PDT 2012


On 06/07/12 21:07, Peter Hutterer wrote:
> On Thu, Jun 07, 2012 at 07:03:25AM -0500, Mike Mestnik wrote:
>> Hello,
>>   I just got done slamming, perhaps as a troll, a lwn.net article.  I
>> may have gone too far and I don't believe you can go too far when it
>> comes to security.  I'm not the type to give up, you've attached with a
>> keylogger to my X...  Well now your keylogger is attached to my
>> sub-server and I'm going send you about a dozen fortunes, then I'll try
>> and backhack some arbitrary code your way.  Get off my server or the
>> hunter will become the hunted.
>>
>> What bothers me the most is that I'm finding out about this by reading a
>> news article.  When did X developers stop caring about clients after
>> they had connected?  I don't believe that malicious clients can never
>> connect to an X server or that it would be "absolutely" possible to
>> prevent malicious clients from connecting.  So why is it that Security
>> in X has fallen to this level, if it has and this article basically
>> admits that it has or will?  When did this change occur and why wasn't I
>> told?
>>
>> I hope that at least a handful of you are at least mildly concerned that
>> X might become an open playground for keyloggers and other malicious
>> software once a client connection has been authenticated.  Is it really
>> the intention of the X community to forgo any security post client
>> authentication?  I hope you can at least understand where I'm coming
>> from, to have to find out about this in a news article not related to a
>> change in security.
>>
>> In short, I believe that an ounce of prevention is worth a pound of
>> cure.  Users should fill that ounce with their best effort to try and
>> keep malicious clients off the X server.  I don't believe that's enough,
>> there has to be a cure for when this fails.  A great offense that when
>> combined with the user's defense forms a complete team that's not only
>> the best, but unbeatable.  I know that if keyloggers are prevented from
>> reading anything useful that there won't be any keyloggers that break
>> past X's authentication security.  However I also know that if there is
>> something to be gained from forging an xauth, that hackers will be
>> tempted and eventually succeed in penetrating the outer defense.
>>
>> Another related issue is that if it is indeed the case where an
>> authenticated client might have free rein into all user input (where
>> multi-touch devices are open regardless of the keyboard-focus-lock).
> 
> the "keyboard focus lock" doesn't work as you think it does. short story:
> there isn't really any, a malicious app can get around it and this has been
> the case since approx 1994.
> 
Is this to be used as an excuse to not have any security?  It sounds
like that's what you are saying and it's very disturbing, where would
such an ideology end...  How far would be too far for this to spread?
This attitude seems like it could very easily be infinitely recursive.

I reject this concept, it shouldn't be allowed to spread any further.

>> This IMHO would disable (or at least render so insecure it's unthinkable)
>> the feature of X that allows for remote clients.  I don't think a remote
>> root should ever be trusted, even if that is you.  The simple matter is
>> that a remote box could have been powned.
>>
>> http://lwn.net/Articles/485484/
>>
>> Please join my cause to keep xinput secure, even when malicious clients
> 
> s/keep/make/ :)
> 
> Cheers,
>   Peter
> 
>> are connected.  Actually I'd be looking for someone with more political
>> savvy than myself, I know that I'm actually the worst person you want
>> speaking on your behalf.
>> Please read some of my comments on the lwn.net forum, I stand by what
>> I've said.
> 


