How exactly is the Xorg MIT-COOKIE being sent by the application to the server - does Xlib do that?
Veek M
vek.m1234 at gmail.com
Wed Oct 17 00:54:32 UTC 2018
I wanted to feed my cookie to user goof via .Xauthority so I created a
named pipe to do it. It works BUT very flakily. I found that I need to
write the cookie numerous times till the application (hexchat/firefox)
loads completely and then kill the feed-cookie program.
1. Why do I need to feed the cookie numerous times?
2. Who is reading the .Xauthority cookie file? Xlib or GTK or the
hexchat/firefox app?
3. Anyway to magically/easily feed my cookie to whatever needs in
(above:2) vs using a named pipe.
I'm trying to make my Xorg more secure by preventing storage of the
cookie beyond the app startup.
https://www.nsa.gov/resources/everyone/digital-media-center/publications/research-papers/assets/files/securing-the-x-window-system-with-selinux-report.pdf
My idea was that if hexchat gets hacked and the file doesn't exist the
hacker can't connect to my Xorg instance and mess around. However he
might be able to dump his memory and read the cookie out?? I was
planning to use Xpra (just a thought)
More information about the xorg
mailing list