Re: [Xpert]Reg. X Security Extensions
On Sun, 14 Jul 2002, Andreas Ehliar wrote: > I don't know exactly how the Security-extension works, but it would be > nice if you could tunnel X over ssh without worrying about wether the > security of the remote machine has been compromised. Right now such a > tunnel could easily be used to eavesdrop on your keyboard for example. Sorry for the delay... About two months ago I started working on an X extension to handle ssh tunneled connections in a "better" (safer) way. BTW, I'm *not* an XFree86 hacker and don't know XFree86 internals in a great detail. Just some random guy that happens to write some code once in a while. I have a somewhat working prototype on my HD. I'll probably release it around September / October, unless someone is really *really* interested and can't wait. The current XFree (with the Security extension) and ssh are affected by the following problems: - In ssh you have to set ForwardX11 to 'yes' or 'no'. It's all-or-nothing. - To reduce the powers of remote clients, using the Security extension you can create an untrusted MIT-MAGIC-COOKIE: see xauth and the 'untrusted' option. It is possible, with some trick, to make ssh use that cookie. In that case remote clients have a restricted access to the X server. The access policy is quite fixed by the server: the only aspect that can be configured (AFAIK) is the access to window properties via the SecurityPolicy file. Moreover, if you use the 'untrusted' cookie, expect most current applications to die with BadAccess errors sooner or later. > Could the Security-extension be used to improve this? The point above is actually an improvement from the point of view of security: i.e., misbehaving clients are stopped with BadAccess errors. However, the bad news is that most clients are misbehaving. In my current prototype, misbehaving clients are not sent a BadAccess error. Instead, the clients are put on hold and a special client (the "supervisor" client) is notified. The supervisor can judge whether the client request is ok or not (currently it simply prompts the user with a yes/no dialog). On approval, the request is executed and the client proceeds smoothly. On rejection, the client is sent a BadAccess error. The performance loss is negligible (IMHO) since only suspicious requests from 'untrusted' clients (i.e. those which currently would generate BadAccess errors) cause the "hold / notify the supervisor / handle judgement" process. I also have a small patch to openSSH that permits to choose between X11Forward = yes, trusted / yes, untrusted / no . If anyone is interested in this small project, please contact me. I don't think, however, that it will ever be integrated in XFree86. That is, unless someone involved with the project wants it. I'll probably distribute the extension as a patch to XFree86. Bye, Zun. ___ Xpert mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/xpert
Re: [Xpert]Reg. X Security Extensions
On Sun, 14 Jul 2002, Andreas Ehliar wrote: > I don't know exactly how the Security-extension works, but it would be nice > if you could tunnel X over ssh without worrying about wether the security of > the remote machine has been compromised. Right now such a tunnel could easily > be used to eavesdrop on your keyboard for example. > > Could the Security-extension be used to improve this? After some thought I see the problem, so you probably know more about the security extension than I do. Since the tunnel isn't a single X client, it might not be easy to use the extension to tie the tunnel down. (Assuming that the extension works) you could start Xnest with no access to other clients, and run an ssh tunnel from the Xnest server instead of the main one. That ought to make Xnest into a sandbox for the compromised machine to play in. For all I know, there may be a way to config the security extension to block the tunnel. -- Dr. Andrew C. Aitchison Computer Officer, DPMMS, Cambridge [EMAIL PROTECTED] http://www.dpmms.cam.ac.uk/~werdna ___ Xpert mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/xpert
Re: [Xpert]Reg. X Security Extensions
On Tue, Jun 04, 2002 at 07:56:03AM -0700, [EMAIL PROTECTED] wrote: > Either way, we have (at least) three potential uses for the extension: > 1) shared resources like projectors or > 2) when using groupware > among relatively untrusted people. > 3) remote applets. I don't know exactly how the Security-extension works, but it would be nice if you could tunnel X over ssh without worrying about wether the security of the remote machine has been compromised. Right now such a tunnel could easily be used to eavesdrop on your keyboard for example. Could the Security-extension be used to improve this? /AE ___ Xpert mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/xpert
Re: [Xpert]Reg. X Security Extensions
>> Juliusz Chroboczek <[EMAIL PROTECTED]> writes: > Now that 16 Megs of memory and a MIPS or ARM processor come for free, > and that every laptop has an Ethernet port, it would make sense to > have X11 in the projector. Which, in turn, would create a market for > Keith's ``run Windows over X'' software. Oh, cute! Furnish it with a decent OpenGL-capable graphics chip and I'll buy one :-) If it can use commodity off the shelf graphic cards, I'll buy two. -- Marcelo ___ Xpert mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/xpert
Re: [Xpert]Reg. X Security Extensions
Le mar 04/06/2002 à 18:23, Dr Andrew C Aitchison a écrit : > Given that the (digital) X network traffic is likely to be much > smaller than the (analog?) video bandwidth, I agree that the projector > should have an ethernet port instead (OK as well for now) as a VGA > connector. Instead ? Noo, if I buy a projector it'll be mainly as a home theater or to play games on a big screen. No way a remote X session will ensure that works with correct FPS. ___ Xpert mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/xpert
Re: [Xpert]Reg. X Security Extensions
On 4 Jun 2002, Juliusz Chroboczek wrote: > Well, I was thinking about something much simpler. At every > conference I've been to, we loose a good few minutes per hi-tech talk > while the chairman (sweating with nervousness) tries to connect the > speaker's laptop to the projector. Now that 16 Megs of memory and a > MIPS or ARM processor come for free, and that every laptop has an > Ethernet port, it would make sense to have X11 in the projector. > Which, in turn, would create a market for Keith's ``run Windows over > X'' software. Given that the (digital) X network traffic is likely to be much smaller than the (analog?) video bandwidth, I agree that the projector should have an ethernet port instead (OK as well for now) as a VGA connector. This simplifies what to do with the joystick/mouse many projectors now come with (no more plugging the projector's mouse lead into your laptop) but does mean that they need a keyboard or similar device with which to log into the laptop. Can I put in a plea for an ssh client as an alternative to xdm ? -- Dr. Andrew C. Aitchison Computer Officer, DPMMS, Cambridge [EMAIL PROTECTED] http://www.dpmms.cam.ac.uk/~werdna ___ Xpert mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/xpert
Re: [Xpert]Reg. X Security Extensions
>> Are there any video projectors that embed an X server? JG> Keith and I have been spending some time thinking about projector walls, Well, I was thinking about something much simpler. At every conference I've been to, we loose a good few minutes per hi-tech talk while the chairman (sweating with nervousness) tries to connect the speaker's laptop to the projector. Now that 16 Megs of memory and a MIPS or ARM processor come for free, and that every laptop has an Ethernet port, it would make sense to have X11 in the projector. Which, in turn, would create a market for Keith's ``run Windows over X'' software. Of course, the above is merely a workaround. The proper fix is to use OHP slides, as Real Men do. Juliusz ___ Xpert mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/xpert
Re: [Xpert]Reg. X Security Extensions
Since projector prices are dropping, a projector is now not much more than a hacker's hacker machine (2-3K), so projectors are becoming much more common, and are appearing in many/most conference rooms, and they all sport VGA connectors... Keith and I have been spending some time thinking about projector walls, that would incorporate multiple displays, and give higher resolution, but we've not done anything real yet. - Jim > Sender: [EMAIL PROTECTED] > From: Juliusz Chroboczek <[EMAIL PROTECTED]> > Date: 04 Jun 2002 15:47:43 +0100 > To: [EMAIL PROTECTED] > Subject: Re: [Xpert]Reg. X Security Extensions > - > >> I've never seen anybody use the security extension, and have yet to > >> feel the need for it. > > AA> It seems to appear at the same time as the remote X extension, xrx, > AA> which makes me think that the idea something like this: > > AA> You have a browser (netscape was one possiblility) with an xrx > AA> plugin, and browse my web site. > > Yep, that's what the XC claimed when X11R6.3 came out. Remarkably > dumb idea. Shows a complete lack of understanding of what type of > problems Java and the technologies based on Javascript and CSS > (``dynamic HTML'') are trying to solve. > > (A wide-area round-trip for every expose event andevery keystroke. > Sheesh.) > > Jim's example is more convincing, though. Are there any video > projectors that embed an X server? > > Juliusz > ___ > Xpert mailing list > [EMAIL PROTECTED] > http://XFree86.Org/mailman/listinfo/xpert -- Jim Gettys Cambridge Research Laboratory HP Labs, Hewlett-Packard Company [EMAIL PROTECTED] ___ Xpert mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/xpert
Re: [Xpert]Reg. X Security Extensions
I believe the origination of the extension was the CMW work (compartmented mode workstation) push of the U.S. Federal government in the early 90's, to allow different security level information to be on the screen at the same time. This was the infamous "orange book". Either way, we have (at least) three potential uses for the extension: 1) shared resources like projectors or 2) when using groupware among relatively untrusted people. 3) remote applets. Parts of the CMW push were pretty daft: excessive worry about back channels between security levels, for example. That part of the CMW work got to the point of paranoia... - Jim -- Jim Gettys Cambridge Research Laboratory HP Labs, Hewlett-Packard Company [EMAIL PROTECTED] ___ Xpert mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/xpert
Re: [Xpert]Reg. X Security Extensions
>> I've never seen anybody use the security extension, and have yet to >> feel the need for it. AA> It seems to appear at the same time as the remote X extension, xrx, AA> which makes me think that the idea something like this: AA> You have a browser (netscape was one possiblility) with an xrx AA> plugin, and browse my web site. Yep, that's what the XC claimed when X11R6.3 came out. Remarkably dumb idea. Shows a complete lack of understanding of what type of problems Java and the technologies based on Javascript and CSS (``dynamic HTML'') are trying to solve. (A wide-area round-trip for every expose event andevery keystroke. Sheesh.) Jim's example is more convincing, though. Are there any video projectors that embed an X server? Juliusz ___ Xpert mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/xpert
Re: [Xpert]Reg. X Security Extensions
On 3 Jun 2002, Juliusz Chroboczek wrote: > I've never seen anybody use the security extension, and have yet to > feel the need for it. It seems to appear at the same time as the remote X extension, xrx, which makes me think that the idea something like this: You have a browser (netscape was one possiblility) with an xrx plugin, and browse my web site. xrx allows my cgi scripts to run an X app and display it inside your browser. You probably don't want my app to find out about your other X applications. As I understand it, the X Security Extensions allows the server to tell my app which fonts, visuals and other resources are available, without compromising your clients. One thing that needs careful consideration is "When should I be allowed to read the cut buffers ?" -- Dr. Andrew C. Aitchison Computer Officer, DPMMS, Cambridge [EMAIL PROTECTED] http://www.dpmms.cam.ac.uk/~werdna ___ Xpert mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/xpert
Re: [Xpert]Reg. X Security Extensions
> > I've never seen anybody use the security extension, and have yet to > feel the need for it. > The scenario I see where it may have use is for shared environments like projectors/projector walls, so you might have much looser access control than usual, but want some level of projection between users. - Jim -- Jim Gettys Cambridge Research Laboratory HP Labs, Hewlett-Packard Company [EMAIL PROTECTED] ___ Xpert mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/xpert
Re: [Xpert]Reg. X Security Extensions
HS> I need some help on understanding "X Security Extensions". HS> This seems to be made up of X server having the -sp option, commands HS> like xhost, authorization through MIT-MAGIC-COOKIE-1... I think they are two different things. xhost, MIT-MAGIC-COOKIE and friends are the X server's access control. They are various means of making sure that only trusted clients can connect to your server, and have been around for ever. The Security Extension, introduced with X11R6.3, I believe, is about allowing untrusted client to connect to the X server, and keeping them in a sandbox, i.e. making sure that they only perform ``harmless'' operations. How well that works I don't know, but my gut instinct would be not to trust it. HS> Is having X Security properly enabled for a desktop a configuration HS> issue? Having proper access control is essential. If you're running on a single-user machine you might get away with just xhost security, but using xauth is definitely better. It should be completely transparent. I've never seen anybody use the security extension, and have yet to feel the need for it. HS> Information [...] confidential [...] strictly prohibited. Sounds exciting. Juliusz ___ Xpert mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/xpert
[Xpert]Reg. X Security Extensions
Hello, I need some help on understanding "X Security Extensions". From what I understand, this is a specification ( X11R6...) to enhance X server security. This seems to be made up of X server having the -sp option, commands like xhost, authorization through MIT-MAGIC-COOKIE-1... Is having X Security properly enabled for a desktop a configuration issue? Or, are there specific APIs (libXext ?) that an application can use to take advantage of this X Security extension? I am looking at GNOME apps in terms of security and am trying to understand how the underlying X Security support impacts a GNOME application and what are the ways to 'enable' it for an app (configuration, coding ). Thanks in advance. Regards, Hema. **Disclaimer** Information contained in this E-MAIL being proprietary to Wipro Limited is 'privileged' and 'confidential' and intended for use only by the individual or entity to which it is addressed. You are notified that any use, copying or dissemination of the information contained in the E-MAIL in any manner whatsoever is strictly prohibited.