From: Small, Jim (jim.small@eds.com)
Date: 05/29/02

From: "Small, Jim" <jim.small@eds.com>
To: focus-sun@securityfocus.com
Date: Wed, 29 May 2002 09:30:51 -0400

Hello Everyone,

I am working on a security solution for a network of Solaris servers (7 and
8). The network is periodically scanned for vulnerabilities. The problem
is system admins keep using "xhost +" from their CDE session so they can
display xclients from other servers. Needless to say, no matter how many
times I admonish them not to use xhost +, they do anyway.

I need to prevent the possibility of someone doing an xhost +, even if they
are root. The only solution I can think of is to delete the xhost command,
and put a script in that notifies admins that its use is forbidden.

The way to enable remote clients to display on the local X server would then
(Where server1 is the local X server and server2 wants to display an xclient
on server1)
server1% xauth list
server1:0 MIT-MAGIC-COOKIE-1 796d707638793975614f785371674a52
server1/unix:0 MIT-MAGIC-COOKIE-1 796d707638793975614f785371674a52

server2% DISPLAY=server1:0
server2% export DISPLAY
server2% xauth add server1:0 MIT-MAGIC-COOKIE-1
server2% xprogram

Of course it would be better to use secure RPC (or one of the other secure
methods in Xsecurity(7)), but I have not found a way to implement secure RPC
without using xhost. For example, in order to use secure RPC, you have to
do something such as:
xhost nis:user@localnisdom, you then use xauth and can connect to the X
Unfortunately in this situation, someone can simply do an xhost +. A script
is not viable, because since this is a server and only admins will be using
it, they would easily be able to get around any script. That's why I'm
inclined to think the only sure way is to delete the xhost command.

However, if someone knows a better way, please let me know!

   <> Jim

Jim Small
EDS - Infrastructure Integrity
750 Tower Dr.
Troy, MI 48098-2868
* phone: +01-248-265-4863 [8-365]
* mailto:jim.small@eds.com
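
Added example, not part of the original post: a detection-side complement to the question above, a POSIX shell check that classifies what `xhost` prints for a display so an open server ("xhost +") or a host-based entry is flagged between vulnerability scans. The function names, verdict labels, syslog tag and sample outputs are assumptions made for this example; the host-entry format differs between X releases, so the first field of each entry is kept as printed.

```shell
#!/bin/sh
# Added example: classify what `xhost` (no arguments) prints for a display.
# Verdict names OPEN / HOSTLIST / COOKIE_ONLY / UNKNOWN are chosen here.

classify_xhost() {
    # Reads xhost output on stdin, prints "VERDICT [entries...]".
    awk '
        NR == 1 && /^access control disabled/ { state = "OPEN"; next }
        NR == 1 && /^access control enabled/  { state = "ON";   next }
        NR == 1 { state = "UNKNOWN"; next }
        NF > 0  { entries = entries " " $1 }   # host-based entries, kept as printed
        END {
            if (state == "OPEN")                     print "OPEN" entries
            else if (state == "ON" && entries != "") print "HOSTLIST" entries
            else if (state == "ON")                  print "COOKIE_ONLY"
            else                                     print "UNKNOWN"
        }'
}

audit_display() {
    # $1 = display such as ":0"; run as a user whose cookie reaches it.
    # An unreachable display yields no output and is reported as UNKNOWN.
    verdict=$(DISPLAY="$1" xhost 2>/dev/null | classify_xhost)
    [ "$verdict" = "COOKIE_ONLY" ] && return 0
    logger -p auth.warning -t xhost-audit "display $1: $verdict"
    return 1
}

# Constructed sample outputs (not captured from a real server).
SAMPLE_OPEN='access control disabled, clients can connect from any host'
SAMPLE_HOSTS='access control enabled, only authorized clients can connect
INET:server2
server3'
SAMPLE_CLEAN='access control enabled, only authorized clients can connect'

# Demonstration on the constructed samples; no X server is contacted here.
for s in "$SAMPLE_OPEN" "$SAMPLE_HOSTS" "$SAMPLE_CLEAN"; do
    printf '%s\n' "$s" | classify_xhost
done
```

Calling `audit_display :0` from cron on each server logs a warning whenever the verdict is anything other than COOKIE_ONLY, that is, whenever the xauth cookie is not the only gate on the display.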