Mailinglist Archive: opensuse-security (331 mails)
Re: [suse-security] Sniffing other user's session
- From: Robert Casties <robert.casties@xxxxxxxxxxxxxx>
- Date: Thu, 21 Sep 2000 13:54:55 +0200 (CEST)
- Message-id: <Pine.LNX.4.21.0009211346560.5695-100000@xxxxxxxxxxxxx>

On Thu, 21 Sep 2000, Jose Luis Tinoco wrote:

> We have here a server and a couple of X-terminals
> connected to it (X over ip). Is it somehow possible for
> a regular user to set a sniffer or something similar
> (as user of the server on the server) so that he/she
> can "see" the whole X-session another ones who sits at
> a terminal?

As far as I know (which is not very far ;-) it should not be possible to
snoop an X session only with user access on the server as long as X
authorisation with cookies is used.

If users from the server or from other machines can see the X protocol
traffic on the wire there is no security with plain X protocol.

> Should I consider tunneling all X-sessions through ssh,
> or is this unnecessary?

Generally this is desirable in the interest of security but your X
terminals have to support it or they have to be on a separate segment with
a machine doing SSH tunneling to the server (sort of VPN).

Robert
--
Robert Casties --------------------- http://philoscience.unibe.ch/~casties
History & Philosophy of Science Tel: +41/31/631-8505 Room: 216
Institute for Exact Sciences Sidlerstrasse 5, CH-3012 Bern
Uni Bern (PGP key on homepage: D7 2B DE 64 2D 65 16 A0)
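
A defender-side check of the condition named in the reply above (X authorisation with cookies in use), as an added example that is not part of the original post: it parses an `.Xauthority` file and reports whether cookie entries exist and whether other local users can access the file. The sample entry, function names and finding texts are constructed for illustration.

```python
import os
import stat
import struct

FAMILIES = {0: "Internet", 6: "Internet6", 256: "Local", 65535: "Wild"}

def parse_xauthority(blob):
    """Parse .Xauthority bytes: a big-endian 16-bit family, then four
    length-prefixed fields (address, display number, auth name, auth data)."""
    entries, pos = [], 0

    def take(n):
        nonlocal pos
        if pos + n > len(blob):
            raise ValueError("truncated .Xauthority entry")
        chunk = blob[pos:pos + n]
        pos += n
        return chunk

    while pos < len(blob):
        family = struct.unpack(">H", take(2))[0]
        addr, number, name, data = (
            take(struct.unpack(">H", take(2))[0]) for _ in range(4))
        entries.append({"family": FAMILIES.get(family, str(family)),
                        "address": addr,
                        "display": number.decode("ascii", "replace"),
                        "auth_name": name.decode("ascii", "replace"),
                        "cookie_len": len(data)})  # never keep the cookie itself
    return entries

def audit(entries, mode):
    """Return findings for parsed entries and the file's st_mode bits."""
    findings = []
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("cookie file accessible to group/other users")
    if not entries:
        findings.append("no authorisation entries: cookie auth not in use")
    for e in entries:
        if e["auth_name"] != "MIT-MAGIC-COOKIE-1":
            findings.append(f"display {e['display']}: scheme {e['auth_name']} not checked here")
        elif e["cookie_len"] != 16:
            findings.append(f"display {e['display']}: cookie is {e['cookie_len']} bytes, expected 16")
    return findings

def make_entry(family, addr, num, name, data):
    """Build one entry; used only to construct sample input."""
    return struct.pack(">H", family) + b"".join(
        struct.pack(">H", len(f)) + f for f in (addr, num, name, data))

# Constructed sample: one local-display entry with an all-zero 16-byte cookie.
SAMPLE = make_entry(256, b"xserver", b"0", b"MIT-MAGIC-COOKIE-1", bytes(16))
```

To audit a real file, pass its contents to `parse_xauthority` and `os.stat(path).st_mode` to `audit`; an empty result means cookie entries are present and the file is private to its owner.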