Bugtraq mailing list archives
Re: Xwindows security?
From: rens () imsi com (Rens Troost)
Date: Wed, 11 Jan 1995 12:00:48 -0500
"Jon" == Jon Peatfield <J.S.Peatfield () amtp cam ac uk> writes:
Jon> It is a little better as you don't have to copy around cookies
Jon> (usually done in very insecure ways) and all the authentication
Jon> is done in the X server rather than just trusting anyone who
Jon> has got a copy of the cookie. You can also revoke a
Jon> (user,host) pair at the server end once you have finished using
Jon> that machine.

I see your point; the functionality looks better. But the actual
security is still at the level of trusting the host.

Jon> One trick you can do with this is to get the X server to run
Jon> through all current windows and perform the check again on
Jon> their existing connection based on the current rules. A server

This is a decent idea, though you'd have to keep state about the user
associated with the display connection in the server. If you're going
to be keeping this kind of information in the server on a
per-connection basis, you may as well keep some sort of token or cookie

Jon> The actual code to do an Ident based checker is pretty small,
Jon> not much more than the size of the current cookie checker and
Jon> generator.

Not *much* more complex. Authentication is now moved to an external
process on a different machine possibly at a different site. Again,
this gives a very nice paradigm for managing authorization, but I do
not see how it can be said in any way to provide authentication.

Jon> I don't see how multiple cookies would help unless you generate
Jon> a different one for each host and require a (cookie,host) pair
Jon> to match.

One for each (host, user), actually. Yes, cookie distribution remains a
problem.

Jon> encrypted system (like say krb5) could be much better if done

Yeah, clearly. Kerberos is so heavyweight, though, that few sites end up
installing it. Perhaps a PGP-based thing would catch on more. No gnarly
key distribution architecture needed.

-Rens
