On Tue, Nov 17, 2009 at 10:29:45AM -0800, Alan Irwin wrote: > On 2009-11-17 09:36-0000 Andrew Ross wrote: > >> On Tue, Nov 17, 2009 at 08:54:09AM +0100, Arjen Markus wrote: >>> >>> >>> On 2009-11-17 05:51, Alan W. Irwin wrote: >>>> On 2009-11-16 20:29-0500 David A. Ventimiglia wrote: >>>> >>>>> Hi Alan, >>>>> >>>>> Thanks for the reply. I'm sorry, but I don't really understand X >>>>> Windows security or the lack thereof, so I'll have to spend some time >>>>> grokking this xhost business. :) In any event, it sounds like what >>>>> you're saying is that this error is not a problem with Tcl, Tk, or >>>>> PLplot, but rather a legitimate security hole that is either uncommon or >>>>> doesn't exist at all on other Linux distros, but evidently does exist in >>>>> Ubuntu Karmic Koala (at least, it does on my machine...I wonder what >>>>> would happen if I'd done a clean install instead of an upgrade from >>>>> Jaunty Jaguar). Is that correct? In that case, I suppose my queries >>>>> should be redirected at the Ubuntu maintainers. :) >>>> >>>> Yes, and yes. :-) >>>> >>> >>> I can add some further information on the issue (from the man page of >>> the Tcl/Tk send command): >>> >>> The send command is potentially a serious security loophole. On Unix, >>> any application that can connect to your X server can send scripts to >>> your applications. These incoming scripts can use Tcl to read and write >>> your files and invoke subprocesses under your name. Host-based access >>> control such as that provided by xhost is particularly insecure, since >>> it allows anyone with an account on particular hosts to connect to your >>> server, and if disabled it allows anyone anywhere to connect to your >>> server. In order to provide at least a small amount of security, Tk >>> checks the access control being used by the server and rejects incoming >>> sends unless (a) xhost-style access control is enabled (i.e. only >>> certain hosts can establish connections) and (b) the list of enabled >>> hosts is empty. This means that applications cannot connect to your >>> server unless they use some other form of authorization such as that >>> provide by xauth. Under Windows, send is currently disabled. Most of the >>> functionality is provided by the dde command instead. >>> >>> IIRC, Tcl/Tk can be compiled with a flag that turns off this security >>> check, but I do not think that is a wise thing to do. >> >> Just to comment further, this issue has been around with Ubuntu (maybe also >> Debian?) for a while. It is not a security issue. The default ubuntu setup >> has xhost +SI:localuser:<username>, where username is the user logged on. >> This allows the local user to display on the server - in particular it means >> that x programs started via sudo will correctly display. You can disable >> this, but then things like the package manager which need to run as root >> won't work. I don't think this particular use of xhost is a security issue, >> but tk is not that discriminating. The best course is probably to file a >> bug against the tk package in Ubuntu. By default you would expect it to >> work... The best solution would be a patch to tcl / tk to allow the localuser >> case. > > Thanks, Andrew, for that further explanation of the Ubuntu xhost default. I > am positive Debian doesn't do it that way by default (perhaps there is no > need since they tend not to emphasize sudo like Ubuntu does), but it does > sound like > > xhost +SI:localuser:<username> > > is an example of one of the few xhost +* combinations that is secure, and > Ubuntu might need to patch Tcl/Tk accordingly to accept that. > > However, that explanation may be too easy and Ubuntu may have done that > already. For example, my understanding is you do run Ubuntu and you do test > Tcl/Tk, and apparently the above "xhost +*" combination is set for your > case. So I am wondering why you haven't run into this problem yourself? If > you cannot reproduce this issue with any of your Ubuntu platforms, then > perhaps this user has some older Tcl/Tk installed that is not really > compatible with Karmic, and in that case, the solution for him might be to > simply purge Tcl/Tk and reinstall the version of Tcl/Tk that comes with > Karmic (which is more likely to be compatible with how Karmic handles > xhost).
This has been a longstanding issue for me with tk and Ubuntu, it's just I've silently worked around it by disabling xhost altogether when I need to test tk and plplot. I tend not to use tk regularly, and I also tend not to use the GUI admin tools so it is not too much of a pain for me. I'm glad to hear it is fixed upstream in tcl / tk though. Andrew ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Plplot-general mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/plplot-general
