Path: utzoo!utgpu!watmath!watcgl!idallen From: idallen@watcgl.waterloo.edu (Ian! D. Allen [CGL]) Newsgroups: uw.cgl,uw.mfcf.people Subject: X Window system has no security Message-ID: <11608@watcgl.waterloo.edu> Date: 25 Sep 89 15:29:44 GMT Distribution: uw Organization: U of Waterloo, Ontario Lines: 20 Just so people around here know the truth about X: >Newsgroups: comp.windows.x >Subject: Re: X and security (or lack there of) >Summary: X is totally devoid of security(almost) Security in X windows is a major problem. This issue was addressed at the Xhibition in a conference which was entitled something like "X security, an oxymoron?". X windows lacks even the normal security (discresionary access conrtol) which is normally provided to objects within the system. Once a host is given access to an X server any user on that host can do anything to the X server. This means that any client can move or delete windows, or capture keystrokes. No special privilege is required to execute any of the X commands. Kerberos is the project Athena attempt at network security, but it does nothing to make X itself more secure. -- -IAN! (Ian! D. Allen) idallen@watcgl.uwaterloo.ca idallen@watcgl.waterloo.edu 129.97.128.64 Computer Graphics Lab/University of Waterloo/Ontario/Canada