Mailinglist Archive: opensuse-security (64 mails)
Re: [suse-security] nessus output
- From: Jean Luc Laborde <laborde@xxxxxxxxxxxxxxxxxx>
- Date: Fri, 30 Jul 1999 09:58:14 +0100
- Message-id: <37A16926.C1990192@xxxxxxxxxxxxxxxxxx>
Peter Münster wrote:
> On Thu, 29 Jul 1999, Eric Mosley wrote:
>
> > On this machine, there is an X11-Server that grants access
> > without authentification. That means a hacker is able to sniff
> > every keystroke that is typed on the X11-Server (or get a copy of the
> > victims screen).
> > Solution: use MIT-Cookies, xauth.
>
> Hello Eric,
> yes, indeed, starting X via "startx" on a SuSE system (NOT the X-server on
> tty7 under runlevel 3), is not secure at all. Some weeks ago I constructed
> a solution:
>
> This line in /etc/profile (already done in suse with x = startx):
> function x { /usr/X11R6/bin/startx $* &> ~/.X.err & }
> In ~/.alias:
> alias xl='cd;x -- -auth .Xauthority;logout'
> In the beginning of ~/.xinitrc:
> xauth add $DISPLAY . `ps auxw|md5sum|cut "-d " -f1`
>
> Then: starting X by "xl".
>
> Perhaps I forgot something, so write me if you have problems!
>
> > Also, can I comment out in inetd.conf telnet shell and login and still
> > start a new xterm?
>
> This has nothing to do with it...
> Yes, you can still start a new xterm!
>
> Ciao, Peter
Hello, I read all those mails about nessus, but I'm a bit of a newbie: do you
think running X-server under tty7 in run-level 3 is secure? Then what is
nessus exactly and what are MIT_COOKIES - I saw some allusions in the xauth man
page but I don't know how to use it.
Joan Luc
--
Be m'agrada la convinens sazos
E m'agrada lo cortes temps d'estiu
E m'agrada l'auzel, quan canta piu.
E m'agrada floretas per boissos.
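
On the MIT cookie question raised in this thread, an added example (not part of either poster's message): a shell sketch that creates an owner-only authority file holding one MIT-MAGIC-COOKIE-1 entry, which the X server then reads via the `-auth` option quoted above. Unlike the quoted recipe it draws the cookie from /dev/urandom rather than hashing `ps` output; the function names, the `--install` switch and the default file and display are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: function names and the --install switch are hypothetical.

# 128 bits from the kernel CSPRNG, printed as 32 lowercase hex digits.
gen_cookie() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Succeeds only for exactly 32 lowercase hex digits (a 128-bit cookie).
valid_cookie() {
    case "$1" in
        *[!0-9a-f]*) return 1 ;;
    esac
    [ "${#1}" -eq 32 ]
}

# Start from an empty, owner-only authority file, then store the cookie.
# Any entries already in the file are discarded (fresh cookie per session).
install_cookie() {
    auth_file=$1 display=$2 cookie=$3
    valid_cookie "$cookie" || return 1
    ( umask 077; : > "$auth_file" && chmod 600 "$auth_file" ) || return 1
    if command -v xauth >/dev/null 2>&1; then
        # "." is xauth's abbreviation for MIT-MAGIC-COOKIE-1
        xauth -q -f "$auth_file" add "$display" . "$cookie"
    else
        echo "xauth not installed; created empty $auth_file only" >&2
    fi
}

# True when neither group nor others have any permission on the file,
# i.e. no other local user can read the cookie and connect to the display.
auth_file_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Run with --install to write the file for the current user and display.
if [ "${1:-}" = "--install" ]; then
    install_cookie "${XAUTHORITY:-$HOME/.Xauthority}" "${DISPLAY:-:0}" "$(gen_cookie)"
fi
```

Clients started in the session present the same cookie from that file; a client that cannot read the file is refused by the server.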