X server access
Summary
X server access from arbitrary hosts.
Impact
A remote intruder can control the keyboard, mouse and screen.
Background
The X Window system implements an environment where applications use
the network to interact with a user workstation's display, keyboard and
mouse. There are two classes of programs:
- The X server: the program that manages the user's workstation
display and input devices.
- X clients: the applications that run on the user's workstation or
elsewhere in the network.
The problem
When the X server permits access from arbitrary hosts on the network, a
remote intruder can connect to the X server and:
- Read the user's keyboard, including any passwords that the user
types,
- Read everything that is sent to the screen,
- Write arbitrary information to the screen,
- Start or terminate arbitrary applications,
- Take control of the user's session.
Fix
Remove all instances of the xhost + command from the
system-wide Xsession file, from user .xsession
files, and from any application programs or shell scripts that use the
X window system.
Other tips
- Use the X magic cookie mechanism or equivalent. With logins under
control of xdm, you turn on authentication by editing the
xdm-config file and setting the
DisplayManager*authorize attribute to true.
- When granting access to the screen from another machine, use the
xauth command in preference to the xhost
command.
- See the Admin Guide to Cracking for an example of why this is a problem.
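The fix and the xdm tip above can be turned into a quick audit. The script below is an added example, not part of the original document: it flags unrestricted "xhost +" lines in X startup files and checks whether xdm-config sets DisplayManager*authorize to true. The file names and the sample contents are constructed; on a real host the system-wide Xsession file, users' .xsession files and xdm-config live in vendor-specific locations.

```shell
#!/bin/sh
# Added audit helper: flags unrestricted "xhost +" lines in X startup
# files and checks that xdm-config turns on magic-cookie authorization.
# Constructed sample files are written to a temp directory so the script
# runs stand-alone; on a real host point it at the system-wide Xsession
# file, users' .xsession files and xdm-config (paths vary by vendor).

# Print every line granting access to all hosts: "xhost +" followed only
# by whitespace, end of line or a comment. Host-scoped grants such as
# "xhost +fileserver" and removals ("xhost -") are not reported.
find_open_xhost() {
    grep -nE '(^|[^[:alnum:]_])xhost[[:space:]]+\+([[:space:]]|$|#)' "$@" 2>/dev/null
}

# Number of offending lines across the given files (0 when clean).
count_open_xhost() {
    find_open_xhost "$@" | wc -l | tr -d ' '
}

# Succeed only if the given xdm-config sets DisplayManager*authorize: true.
xdm_authorize_enabled() {
    grep -qiE '^[[:space:]]*DisplayManager\*authorize:[[:space:]]*true' "$1"
}

# --- constructed sample input (not taken from a real system) ---
sample=$(mktemp -d)
cat > "$sample/Xsession" <<'EOF'
#!/bin/sh
xhost +            # opens the display to every host: must be removed
exec xterm
EOF
cat > "$sample/.xsession" <<'EOF'
xhost +fileserver  # scoped to one host; xauth is still preferable
xrdb -merge "$HOME/.Xresources"
EOF
printf 'DisplayManager*authorize: true\n' > "$sample/xdm-config"

echo "Unrestricted xhost grants:"
find_open_xhost "$sample/Xsession" "$sample/.xsession" || echo "  none"
if xdm_authorize_enabled "$sample/xdm-config"; then
    echo "xdm-config: authorization enabled"
else
    echo "xdm-config: authorization NOT enabled"
fi
```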