From: Small, Jim (jim.small@eds.com)
Date: 05/29/02

From: "Small, Jim" <jim.small@eds.com>
To: focus-sun@securityfocus.com
Date: Wed, 29 May 2002 09:30:51 -0400

Hello Everyone,

I am working on a security solution for a network of Solaris servers (7 and
8). The network is periodically scanned for vulnerabilities. The problem
is system admins keep using "xhost +" from their CDE session so they can
display xclients from other servers. Needless to say, no matter how many
times I admonish them not to use xhost +, they do anyway.

I need to prevent the possibility of someone doing an xhost +, even if they
are root. The only solution I can think of is to delete the xhost command,
and put a script in that notifies admins that its use is forbidden.

The way to enable remote clients to display on the local X server would then
(Where server1 is the local X server and server2 wants to display an xclient
on server1)
server1% xauth list
server1:0 MIT-MAGIC-COOKIE-1 796d707638793975614f785371674a52
server1/unix:0 MIT-MAGIC-COOKIE-1 796d707638793975614f785371674a52

server2% DISPLAY=server1:0
server2% export DISPLAY
server2% xauth add server1:0 MIT-MAGIC-COOKIE-1 796d707638793975614f785371674a52
server2% xprogram

Of course it would be better to use secure RPC (or one of the other secure
methods in Xsecurity(7)), but I have not found a way to implement secure RPC
without using xhost. For example, in order to use secure RPC, you have to
do something such as:
xhost nis:user@localnisdom, you then use xauth and can connect to the X
Unfortunately in this situation, someone can simply do an xhost +. A script
is not viable, because since this is a server and only admins will be using
it, they would easily be able to get around any script. That's why I'm
inclined to think the only sure way is to delete the xhost command.

However, if someone knows a better way, please let me know!

   <> Jim

Jim Small
EDS - Infrastructure Integrity
750 Tower Dr.
Troy, MI 48098-2868
* phone: +01-248-265-4863 [8-365]
* mailto:jim.small@eds.com
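
For the periodic scans mentioned in the post, a check that classifies what `xhost` reports for a display. This is an added example, not part of the original message; the function name, sample functions and `--live` switch are hypothetical, and it assumes the Solaris `xhost` prints the same two status lines as the standard X11 `xhost`.

```sh
#!/bin/sh
# Added example (not from the original post): classify `xhost` output.
# Reads the output of `xhost` (no arguments) on stdin, prints a verdict and
# returns a status usable from cron or a scan wrapper:
#   0 COOKIE_ONLY  access control on, no host entries (clients need xauth)
#   1 HOST_BASED   access control on, but hosts/users are on the access list
#   2 OPEN         access control off, i.e. someone has run "xhost +"
#   3 UNKNOWN      no status line seen (display unreachable, not authorized)
classify_xhost() {
    state=UNKNOWN
    entries=0
    while IFS= read -r line; do
        case "$line" in
            "access control disabled"*) state=OPEN ;;
            "access control enabled"*)  state=ENABLED ;;
            "")                         ;;   # skip blank lines
            *)                          entries=$((entries + 1)) ;;
        esac
    done
    case "$state" in
        OPEN)    echo OPEN; return 2 ;;
        ENABLED) if [ "$entries" -gt 0 ]; then
                     echo HOST_BASED; return 1
                 fi
                 echo COOKIE_ONLY; return 0 ;;
        *)       echo UNKNOWN; return 3 ;;
    esac
}

# Constructed sample of what `xhost` prints after "xhost +" (status line only).
sample_open() {
    printf '%s\n' 'access control disabled, clients can connect from any host'
}

# Constructed sample: access control on, one host (server2) still listed.
sample_host_based() {
    printf '%s\n' 'access control enabled, only authorized clients can connect' \
                  'server2'
}

# Live use: `sh check_xhost.sh --live` with DISPLAY set to the display to audit.
if [ "${1:-}" = "--live" ]; then
    xhost 2>&1 | classify_xhost
    exit $?
fi
```

An OPEN verdict takes precedence over any listed hosts, since with access control disabled the list is not consulted.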
