On Mon, 18 Oct 2010 18:25:48 +0200, Michał Górny <[email protected]> wrote: > This patch introduces a concept of ClientPtr tracking in the xdm auth > code. It makes sure that the xdm authentication data for a particular > client is removed immediately when the client disconnects, making the > semi-random client identifier reusable.
The point of the client identifier is to avoid replay attacks, which requires that all clients provide some unique information in their key. If you want to avoid this particular issue, you'd need to fix Xlib to send something other than the PID as the unique value. -- [email protected]
pgpLa5EwMEyYw.pgp
Description: PGP signature
_______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
