On 06/07/12 21:33, Mike Mestnik wrote:
> On 06/07/12 21:07, Peter Hutterer wrote:
>> On Thu, Jun 07, 2012 at 07:03:25AM -0500, Mike Mestnik wrote:
>>> Hello,
>>> I just got done slamming, perhaps as a troll, a lwn.net article. I
>>> may have gone too far, and I don't believe you can go too far when it
>>> comes to security. I'm not the type to give up: you've attached a
>>> keylogger to my X... Well, now your keylogger is attached to my
>>> sub-server and I'm going to send you about a dozen fortunes, then I'll
>>> try and backhack some arbitrary code your way. Get off my server or the
>>> hunter will become the hunted.
>>>
>>> What bothers me the most is that I'm finding out about this by reading a
>>> news article. When did X developers stop caring about clients after
>>> they had connected? I don't believe that malicious clients can never
>>> connect to an X server or that it would be "absolutely" possible to
>>> prevent malicious clients from connecting. So why is it that security
>>> in X has fallen to this level, if it has, and this article basically
>>> admits that it has or will? When did this change occur and why wasn't I
>>> told?
>>>
>>> I hope that at least a handful of you are at least mildly concerned that
>>> X might become an open playground for keyloggers and other malicious
>>> software once a client connection has been authenticated. Is it really
>>> the intention of the X community to forgo any security post client
>>> authentication? I hope you can at least understand where I'm coming
>>> from, having to find out about this in a news article not related to a
>>> change in security.
>>>
>>> In short, I believe that an ounce of prevention is worth a pound of
>>> cure. Users should fill that ounce with their best effort to try and
>>> keep malicious clients off the X server. I don't believe that's enough;
>>> there has to be a cure for when this fails. A great offense that, when
>>> combined with the users' defense, forms a complete team that's not only
>>> the best, but unbeatable. I know that if keyloggers are prevented from
>>> reading anything useful, there won't be any keyloggers that break
>>> past X's authentication security. However, I also know that if there is
>>> something to be gained from forging an xauth, hackers will be
>>> tempted and eventually succeed in penetrating the outer defense.
>>>
>>> Another related issue is if it is indeed the case that an
>>> authenticated client might have free rein over all user input (where
>>> multi-touch devices are open regardless of the keyboard focus lock).
>>
>> the "keyboard focus lock" doesn't work as you think it does. short story:
>> there isn't really any, a malicious app can get around it and this has been
>> the case since approx 1994.
>>
> Is this to be used as an excuse to not have any security? It sounds
> like that's what you are saying and it's very disturbing; where would
> such an ideology end... How far would be too far for this to spread?
> This attitude seems like it could very easily be infinitely recursive.
>
> I reject this concept, it shouldn't be allowed to spread any further.

Not only recursive, but it'll end up being bi-directional as well. Y
isn't secure because X needs to be secure, X isn't secure because Y won't
ever be secure. This deadlock shouldn't be allowed to exist; some chicken
or egg needs to be created first... It doesn't matter which, however if Y
is new, then it should be rejected until it is secure. We shouldn't allow
new code to be implemented that adds new security concerns, unless it may
fix older ones.

>>> This IMHO would disable (or at least render so insecure it's unthinkable)
>>> the feature of X that allows for remote clients. I don't think a remote
>>> root should ever be trusted, even if that is you. The simple matter is
>>> that a remote box could have been pwned.
>>>
>>> http://lwn.net/Articles/485484/
>>>
>>> Please join my cause to keep xinput secure, even when malicious clients
>>
>> s/keep/make/ :)
>>
>> Cheers,
>> Peter
>>
>>> are connected. Actually I'd be looking for someone with more political
>>> savvy than myself, I know that I'm actually the worst person you want
>>> speaking on your behalf.
>>> Please read some of my comments on the lwn.net forum, I stand by what
>>> I've said.
>>

_______________________________________________
xorg-devel@lists.x.org: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: http://lists.x.org/mailman/listinfo/xorg-devel
