Security question?

Matthieu Herrb matthieu.herrb at laas.fr
Wed Nov 3 21:31:23 PST 2004


Adam Jackson wrote:
> On Wednesday 03 November 2004 16:33, Thomas Hellström wrote:
> 
>>Hi!
>>
>>I'm working on a way for the client XvMC lib to determine whether an X
>>server connection is local or not.
>>
>>The best way I've come up with so far is for the client to allocate a
>>shared memory page, and fill it with a pattern which is seeded by a
>>pseudo-random 32-bit number. It then transmits this number and the
>>shared memory page ID to the server which tries to map the shared memory
>>page, verifies the pattern and returns either fault or OK.
>>
>><snip>
>>
>>Is this an acceptable approach security-wise?
>>Are there simpler ways?

you can also have an X request (in one of the extensions) to get for 
instance the hostid or the main hostname of the machine running the 
server and compare it to the same information on the client.

> getsockname(3) on the connection fd.  It's local if one of:
> 
> - family is PF_UNIX
> - family is PF_INET and address is 127.0.0.1
> - family is PF_INET6 and address is ::1
> - family is PF_DECnet and address is whatever the DECnet loopback address is 
> (probably you don't need to worry about this case)

If you go this way xtrans already has a IsLocal() entry point.

But as other said, in case of proxies and other SSH tunnels, this 
approach will fail, since the connexion's fd is  open to the proxy 
pseudo-server, not to the real one.

There are 2 approaches:
one is to provide a robust way to verify that the connection is really 
local

the second approach is to keep a simple approach (the xtrans IsLocal()) 
and let the upper layers handle the failure when they find out they 
cannot access the device or resources they where hoping.
-- 
					Matthieu




More information about the xorg mailing list