Mailinglist Archive: opensuse-security (64 mails)
Re: [suse-security] nessus output
- From: Peter Münster <peter@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 29 Jul 1999 19:24:03 +0200 (CEST)
- Message-id: <Pine.LNX.4.10.9907291908260.415-100000@xxxxxxxxxxxxxxxxxxxxxxxxxx>
On Thu, 29 Jul 1999, Eric Mosley wrote:
> On this machine, there is an X11-Server that grants access
> without authentification. That means a hacker is able to sniff
> every keystroke that is typed on the X11-Server (or get a copy of the
> victims screen).
> Solution: use MIT-Cookies, xauth.
Hello Eric,
yes, indeed, starting X via "startx" on a SuSE system (NOT the X-server on
tty7 under runlevel 3), is not secure at all. Some weeks ago I constructed
a solution:
This line in /etc/profile (already done in suse with x = startx):
function x { /usr/X11R6/bin/startx $* &> ~/.X.err & }
In ~/.alias:
alias xl='cd;x -- -auth .Xauthority;logout'
In the beginning of ~/.xinitrc:
xauth add $DISPLAY . `ps auxw|md5sum|cut "-d " -f1`
Then: starting X by "xl".
Perhaps I forgot something, so write me if you have problems!
> Also, can I comment out in inetd.conf telnet shell and login and still
> start a new xterm?
This has nothing to do with it...
Yes, you can still start a new xterm!
Ciao, Peter
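
Added example, not part of Peter's mail: the same MIT-MAGIC-COOKIE-1 setup, but with the cookie read from /dev/urandom instead of hashed ps output (which other local users can largely observe), and handed to xauth on stdin so it never appears in a process listing. The function names and the --install switch are assumptions of this example.

```shell
#!/bin/sh
# Added example: MIT-MAGIC-COOKIE-1 setup with a CSPRNG-derived cookie.

# Print a 128-bit cookie as 32 lowercase hex digits from the kernel CSPRNG.
gen_cookie() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Succeed only if $1 is exactly 32 hex digits (128 bits, as used for
# MIT-MAGIC-COOKIE-1).
valid_cookie() {
    case "$1" in
        ""|*[!0-9a-fA-F]*) return 1 ;;
    esac
    [ "${#1}" -eq 32 ]
}

# Emit the xauth command for display $1 and cookie $2; "." is xauth's
# abbreviation for MIT-MAGIC-COOKIE-1.
cookie_line() {
    printf 'add %s . %s\n' "$1" "$2"
}

# Create authority file $1 (mode 0600) holding a fresh cookie for display $2.
# Note: this truncates the file, so any older entries in it are dropped.
install_cookie() {
    cookie=$(gen_cookie)
    valid_cookie "$cookie" || { echo "cookie generation failed" >&2; return 1; }
    ( umask 077; : > "$1" ) || return 1
    chmod 600 "$1" || return 1
    # "source -" makes xauth read its commands from stdin, so the cookie is
    # never a command-line argument visible in ps output.
    cookie_line "$2" "$cookie" | xauth -q -f "$1" source -
}

# Hypothetical switch: "sh thisfile --install" before starting X with -auth.
if [ "${1:-}" = "--install" ]; then
    install_cookie "$HOME/.Xauthority" "${DISPLAY:-:0}"
fi
```

Where util-linux is installed, mcookie produces a cookie of the same form and can replace gen_cookie.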