Re: xhost

From: Drew (simonis@myself.com)
Date: 05/29/02


Date: Wed, 29 May 2002 13:27:46 -0400
From: Drew <simonis@myself.com>
To: focus-sun@securityfocus.com


"Small, Jim" wrote:
>
> Hello Everyone,
>
> I am working on a security solution for a network of Solaris servers (7 and
> 8). The network is periodically scanned for vulnerabilities. The problem
> is system admins keep using "xhost +" from their CDE session so they can
> display xclients from other servers. Needless to say, no matter how many
> times I admonish them not to use xhost +, they do anyway.
>
> I need to prevent the possibility of someone doing an xhost +, even if they
> are root. The only solution I can think of is to delete the xhost command,
> and put a script in that notifies admins that its use is forbidden.

I think you are missing a large part of what makes for good security.
You can't have it without buy in from your user base. In this case,
the admins are those users, and they need a bit of hand slapping.

This problem is not a technical one, but one of policy, and the
lack of policy enforcment. A technical solution would be to fully
embrace RBAC, greatly (or totally?) eliminating the need to "be root"
and then enforcing a well defined and known security policy.

Fire the first admin who violates the new rules. I suspect you
shouldn't have to worry about it again...

(ok, so I live in a fantasy world.)