On 06/07/12 08:15, Michal Suchanek wrote:
> Hello.
>
> There has never been any security in the X protocol beyond the
> connection authentication.
> http://tutorials.section6.net/home/basics-of-securing-x11

I'm referring to the XGrabKeyboard() call and yes X has many other layers of security that I feel are worth mentioning. For example OpenGL applications are forbidden from accessing all of system memory via GPU DMA. To consider that there is no security is a little narrow-minded; there is *plenty of security.

The issue I'm reporting is that of what *little security there is, it's being chipped away under the flag of "There is not as much security as there should be, so a little less security is not a problem." I'm saying this is a huge problem to remove security in an area that clearly doesn't have enough security... not the other way around.

* The amount of security is only perhaps a fraction of what it should be, but there is still a lot of it.

> You have not been told it was removed because it has not, there has never
> been.
>
> There is some stuff in place that discriminates "remote" and "local"
> clients and forbids "remote" clients doing some stuff but that's it.
>
> The reason is simple. The fact that the client *can* connect locally
> means that it runs on your local machine and has permission to access
> a secret that is presumably specific to your account (the current
> authentication scheme is somewhat weak by today's standard but the
> protocol is extensible to encompass new schemes yet nobody cared
> enough to add something better).
>
> Given that X was developed and runs on POSIX systems that have no
> process security whatsoever then a process that can access one of your
> files (the secret) can access all of your other files and processes
> and would have no reason to attack through X while it can do the same
> directly.
>
> Regards
>
> Michal
>
_______________________________________________
[email protected]: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: http://lists.x.org/mailman/listinfo/xorg-devel
