Security question?

Adam Jackson ajax at nwnk.net
Wed Nov 3 13:52:21 PST 2004


On Wednesday 03 November 2004 16:33, Thomas Hellström wrote:
> Hi!
>
> I'm working on a way for the client XvMC lib to determine whether an X
> server connection is local or not.
>
> The best way I've come up with so far is for the client to allocate a
> shared memory page, and fill it with a pattern which is seeded by a
> pseudo-random 32-bit number. It then transmits this number and the
> shared memory page ID to the server which tries to map the shared memory
> page, verifies the pattern and returns either fault or OK.
>
> <snip>
>
> Is this an acceptable approach security-wise?
> Are there simpler ways?

getsockname(3) on the connection fd.  It's local if one of:

- family is PF_UNIX
- family is PF_INET and address is 127.0.0.1
- family is PF_INET6 and address is ::1
- family is PF_DECnet and address is whatever the DECnet loopback address is 
(probably you don't need to worry about this case)

I suppose you could add some more work to check if the IP address matches that 
of any of the attached network interfaces, but I wouldn't bother.

From a security standpoint this is perfect.  The user can spoof getsockname() 
through linker tricks, but neither case is problematic.  If the connection is 
local and the user spoofs it isn't, then XvMC will fail to work because it 
won't be able to open the hardware.  If the connection is remote but the user 
spoofs it's local, then the XvMC lib will open the local hardware, which the 
user already _has_ access to.

- ajax
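
The check described in the reply above, written out as an added example (it is not code from the thread or from the XvMC library). `text_is_local` is a hypothetical helper, and the addresses and the socket pair are constructed inputs; the DECnet case is left out.

```c
#include <stdio.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* Rules from the reply: local if PF_UNIX, PF_INET with exactly 127.0.0.1,
 * or PF_INET6 with ::1. Any other family counts as non-local. Returns 1 or 0. */
int sockaddr_is_local(const struct sockaddr *sa)
{
    if (sa->sa_family == AF_UNIX)
        return 1;
    if (sa->sa_family == AF_INET)
        return ((const struct sockaddr_in *)sa)->sin_addr.s_addr == htonl(INADDR_LOOPBACK);
    if (sa->sa_family == AF_INET6)
        return IN6_IS_ADDR_LOOPBACK(&((const struct sockaddr_in6 *)sa)->sin6_addr) ? 1 : 0;
    return 0;
}

/* getsockname() on the connection fd; any failure counts as non-local. */
int fd_is_local(int fd)
{
    struct sockaddr_storage ss = {0};
    socklen_t len = sizeof ss;
    if (getsockname(fd, (struct sockaddr *)&ss, &len) != 0)
        return 0;
    return sockaddr_is_local((const struct sockaddr *)&ss);
}

/* Hypothetical helper: classify a constructed textual IPv4/IPv6 address. */
int text_is_local(int family, const char *text)
{
    struct sockaddr_storage ss = {0};
    ss.ss_family = (sa_family_t)family;
    void *dst = (family == AF_INET) ? (void *)&((struct sockaddr_in *)&ss)->sin_addr
                                    : (void *)&((struct sockaddr_in6 *)&ss)->sin6_addr;
    return inet_pton(family, text, dst) == 1 && sockaddr_is_local((struct sockaddr *)&ss);
}

int main(void)
{
    int sv[2];   /* constructed AF_UNIX pair standing in for a local connection */
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return 1;
    printf("unix pair: %d, 127.0.0.1: %d, 192.0.2.7: %d\n", fd_is_local(sv[0]),
           text_is_local(AF_INET, "127.0.0.1"), text_is_local(AF_INET, "192.0.2.7"));
    close(sv[0]); close(sv[1]);
    return 0;
}
```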