hostname change breaks X - how to connect 127.0.0.1 ?
Keith Packard
keithp at keithp.com
Tue Aug 31 14:39:09 PDT 2004
Around 20 o'clock on Aug 31, Alan Cox wrote:
> Especially since DNS is not trustable so hostnames are not trustable so X
> host based auth is worth rather less than you might think (ie near zilch).
We're not discussing the (obviously insecure) host based auth scheme here,
but rather the local hostname-based keying of the shared secret key auth
schemes (MIT-MAGIC-COOKIE-1 and XDM-AUTHORIZATION-1). The database of
available secrets is keyed off of the local hostname so that multiple
hosts can share the same key file. The database is *also* keyed off of
the display number, so multiple displays on the same machine are supported.
If the database contains an entry with an empty hostname, it will match
any hostname, so a .Xauthority file which is used only on a single host
could use this method quite reliably.
Not that MIT-MAGIC-COOKIE-1 is secure when used across a bare X network
connection, but it is fine when tunneled over ssh.
-keith
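
Added example (not part of the original message, and not libXau's code): a small Python parser for the .Xauthority record layout, with a lookup that follows the rule as the message states it, showing why a hostname-keyed entry stops matching after a hostname change while an empty-hostname entry keeps matching. The names oldhost and newhost, the cookie bytes and the find_key helper are constructed for illustration.

```python
import struct

def pack_entry(family, address, number, name, data):
    """One record: 16-bit big-endian family, then four length-prefixed fields."""
    out = struct.pack(">H", family)
    for field in (address, number, name, data):
        out += struct.pack(">H", len(field)) + field
    return out

def parse_xauthority(blob):
    """Parse every record in the file bytes; raise ValueError if truncated."""
    entries, pos = [], 0
    while pos < len(blob):
        if pos + 2 > len(blob):
            raise ValueError("truncated family")
        (family,) = struct.unpack_from(">H", blob, pos)
        pos += 2
        fields = []
        for _ in range(4):  # address (hostname), display number, auth name, key
            if pos + 2 > len(blob):
                raise ValueError("truncated length")
            (n,) = struct.unpack_from(">H", blob, pos)
            pos += 2
            if pos + n > len(blob):
                raise ValueError("truncated field")
            fields.append(blob[pos:pos + n])
            pos += n
        entries.append((family, *fields))
    return entries

def find_key(entries, hostname, display):
    """Lookup rule as the message states it (an assumption of this example,
    not libXau's code): keyed on hostname and display number, and an entry
    with an empty hostname matches any hostname."""
    for _family, address, number, name, data in entries:
        if address in (b"", hostname) and number == display:
            return name, data
    return None

# Constructed sample data (not a real cookie or host); 256 = FamilyLocal.
NAME, COOKIE = b"MIT-MAGIC-COOKIE-1", bytes(range(16))
KEYED = parse_xauthority(pack_entry(256, b"oldhost", b"0", NAME, COOKIE))
ANYHOST = parse_xauthority(pack_entry(256, b"", b"0", NAME, COOKIE))

if __name__ == "__main__":
    print(find_key(KEYED, b"oldhost", b"0") is not None)    # before the rename
    print(find_key(KEYED, b"newhost", b"0") is not None)    # after the rename
    print(find_key(ANYHOST, b"newhost", b"0") is not None)  # empty-hostname entry
```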
More information about the xorg mailing list