Path: utzoo!utgpu!watmath!watcgl!idallen
From: idallen@watcgl.waterloo.edu (Ian! D. Allen [CGL])
Newsgroups: uw.cgl,uw.mfcf.people
Subject: X Window system has no security
Message-ID: <11608@watcgl.waterloo.edu>
Date: 25 Sep 89 15:29:44 GMT
Distribution: uw
Organization: U of Waterloo, Ontario
Lines: 20

Just so people around here know the truth about X:

>Newsgroups: comp.windows.x
>Subject: Re: X and security (or lack there of)
>Summary: X is totally devoid of security(almost)

Security in X windows is a major problem. This issue was addressed
at the Xhibition in a conference which was entitled something like
"X security, an oxymoron?".  X windows lacks even the normal security
(discretionary access control) which is normally provided to objects
within the system.  Once a host is given access to an X server any
user on that host can do anything to the X server.  This means that
any client can move or delete windows, or capture keystrokes.  No
special privilege is required to execute any of the X commands.

Kerberos is the Project Athena attempt at network security, but it
does nothing to make X itself more secure.
-- 
-IAN! (Ian! D. Allen) idallen@watcgl.uwaterloo.ca idallen@watcgl.waterloo.edu
 129.97.128.64    Computer Graphics Lab/University of Waterloo/Ontario/Canada
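
Added example, not part of the original post: a shell filter that reads the access list printed by the xhost utility and flags host-level grants, the kind that admit every user on the listed host. The entry formats (INET:, LOCAL:, SI:localuser:) are those printed by current X.Org xhost and are not taken from the post; the function names and sample host name are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `xhost` output by how coarse each grant is.
# Real use (assumes an X display is available):  xhost | audit_xhost

# audit_xhost: read xhost output on stdin and print one
# "SEVERITY<TAB>entry<TAB>reason" line per access-list finding.
audit_xhost() {
    while IFS= read -r line; do
        case "$line" in
            "") ;;
            "access control disabled"*)
                printf 'CRITICAL\t%s\t%s\n' "(global)" \
                    "access control is off, any client may connect" ;;
            "access control enabled"*) ;;
            SI:localuser:*)
                printf 'OK\t%s\t%s\n' "$line" "grant limited to one local user" ;;
            SI:*)
                printf 'REVIEW\t%s\t%s\n' "$line" "server-interpreted grant, check its scope" ;;
            LOCAL:*)
                printf 'HIGH\t%s\t%s\n' "$line" "every local user may connect" ;;
            *)
                printf 'HIGH\t%s\t%s\n' "$line" "host-level grant, every user on that host may connect" ;;
        esac
    done
}

# count_risky: number of HIGH or CRITICAL findings for xhost output on stdin.
count_risky() {
    audit_xhost | awk -F'\t' '$1 == "HIGH" || $1 == "CRITICAL" { n++ } END { print n + 0 }'
}

# Constructed sample of xhost output (host and user names are made up).
SAMPLE='access control enabled, only authorized clients can connect
INET:lab1.example.edu
SI:localuser:alice
LOCAL:'

printf '%s\n' "$SAMPLE" | audit_xhost
```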