Re: Setuid problems & OpenSSH X-forwarding
From: Barry Margolin (barmar@genuity.net)Date: 08/19/02
- Next message: : "Re: chroot user programs"
- Previous message: Jenn: "Setuid problems & OpenSSH X-forwarding"
- In reply to: Jenn: "Setuid problems & OpenSSH X-forwarding"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Barry Margolin <barmar@genuity.net> Date: Mon, 19 Aug 2002 20:39:04 GMT
In article <6262ae6b.0208191219.3b1d65ea@posting.google.com>,
Jenn <jaz24@drexel.edu> wrote:
>OK, I got the setuid program to work with OpenSSH X-forwarding by
>setting $HOME/.Xauthority to 640. But this must be manually reset upon
>each new ssh session. The .Xauthority file get set back to 600 upon
>exit.
>
>What security implications do I need to be concerned with by opening
>group read, if any? What can someone do w/the MIT_COOKIE or auth list
>output? What data is actually encyrpted in this key when it's
>generated by xdm?
The cookie in the .Xauthority file is basically the password to your X
server. Anyone who can get this can establish an X session with your
server (assuming they can make a connection to the server at the TCP/IP
level).
-- Barry Margolin, barmar@genuity.net Genuity, Woburn, MA *** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups. Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
- Next message: : "Re: chroot user programs"
- Previous message: Jenn: "Setuid problems & OpenSSH X-forwarding"
- In reply to: Jenn: "Setuid problems & OpenSSH X-forwarding"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
