Safe Anticipated Xhost

IP.com Disclosure Number: IPCOM000020990D
Original Publication Date: 2003-Dec-16
Included in the Prior Art Database: 2003-Dec-16
Document File: 1 page(s) / 37K

Publishing Venue

IBM

Abstract

Safe Anticipated Xhost

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 79% of the total text.


There is a user security vulnerability inherent in setting display windows to appear on remote hosts: the hostname can be mistyped, and the display is then set on an untrusted remote host.

In a windowing system that supports the setting of remote displays, it is possible to allow remote hosts to open a window on your system. This is done with a command such as xhost. For example,

% xhost + # will allow any host to open a window on your display.

% xhost +hostname.anyplace.com # this will allow only hostname.anyplace.com to open a window on your display.

Most windowing systems operate in the same basic manner, allowing either all remote hosts or specific hosts.

It is dangerous to allow all hosts because someone could open up a window that looks like...

------------xterm------------
| % dce_login user_name     |
| passwd:                   |
-----------------------------

The user will think this is a local xterm he forgot about and enter his password, but it is actually a remote xterm and the password will simply be recorded at the remote site.

The idea is that only remote hosts to which the server has an active telnet session will be allowed to set DISPLAY back to the server and open an X window.

Safe Anticipated Xhost is an xhost feature which anticipates the common work flow of the user and applies a simple, safe layer of security. The common work environment is one in which the user telnets to a remote host and sets displa...
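
One way to picture the rule described above, as an added example that is not part of the original disclosure: a dry-run shell script that derives the permitted hosts from established outbound telnet connections and prints the xhost commands needed to match. The `ss -tn` sample, the addresses, the current access list and the function names are constructed for illustration, and telnet on its default port 23 is assumed.

```sh
#!/bin/sh
# Added illustration (not from the disclosure): allow X access only for hosts
# to which this machine currently has an established telnet session.

# Constructed sample of `ss -tn` output; addresses are documentation ranges.
SAMPLE_SS='State     Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB     0      0      192.0.2.10:51514   198.51.100.7:23
ESTAB     0      0      192.0.2.10:40022   203.0.113.9:22
ESTAB     0      0      192.0.2.10:51600   198.51.100.8:23
TIME-WAIT 0      0      192.0.2.10:51700   198.51.100.99:23'

# Read `ss -tn` lines on stdin; print each peer with an ESTABLISHED
# connection to remote port 23 (assumed: telnet on its default port).
telnet_peers() {
    awk '$1 == "ESTAB" && $5 ~ /:23$/ { sub(/:23$/, "", $5); print $5 }' | sort -u
}

# in_list ITEM LIST: succeed when ITEM is exactly one entry of LIST.
in_list() {
    printf '%s\n' $2 | grep -Fxq -- "$1"
}

# xhost_plan ALLOWED PEERS: print (do not run) the xhost commands that make
# the access list equal to PEERS. ALLOWED is the current list, passed in by
# the caller (constructed here rather than parsed from xhost output).
xhost_plan() {
    _allowed=$1
    _peers=$2
    echo "xhost -"                       # enforce the access list
    for _h in $_allowed; do              # session ended: revoke
        in_list "$_h" "$_peers" || echo "xhost -$_h"
    done
    for _h in $_peers; do                # live session, not yet allowed: add
        in_list "$_h" "$_allowed" || echo "xhost +$_h"
    done
}

# Demo: 192.0.2.55 was allowed earlier but its telnet session is gone.
xhost_plan "198.51.100.7 192.0.2.55" "$(printf '%s\n' "$SAMPLE_SS" | telnet_peers)"
```

The closed session (TIME-WAIT) and the non-telnet connection never reach the access list, and a host whose session has ended is revoked rather than left allowed.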