[comp.unix.ultrix] X Server crashes on my VAXstation II GPX

bellt@.ucar.edu (Tim Bell) (09/22/89)

There have been some postings to comp.windows.x recently
concerning security under X.  I have run into a problem
that, at least partly, falls into the security arena.

I am running Ultrix-32 V3.1 (Rev. 9) UWS V2.1 on a
VAXstation II GPX.

I have a short program that will crash the X window server
on my VAXstation if it is run as a client on some other
machine.  This is a security concern because a user on any
machine allowed to connect to mine could reach out and crash
my window server whenever they want to.  Of course, the user
is usually me, because I am working with software
incorporating the color map manipulations that cause the
crash.

If the client and the server are the same machine, no
problem.  If the server is a VAX running Ultrix and UWS, and
the client is not, this program may or may not crash the
Xqdsg display server.  The following table is a summary of
the results of my testing so far:

 CLIENT       (O/S)                      DISPLAY SERVER          CRASH?
 -----------------------------------------------------------------------
 DEC MicroVAX (Ultrix-32 V3.1         |  DEC MicroVAX (Ultrix) |  NO
               Same machine as server)|                        |
 DECstation 3100 (Ultrix Worksystem   |                        |  NO
                  V2.0 Rev. 7)        |                        |
 DEC MicroVAX (VMS V5.2)              |                        |  NO
 SUN 3/260    (Sun O/S 4.1)           |                        |  YES
 SUN 3/110    (Sun O/S 3.5)           |                        |  YES
 IBM RT       (AIX/RT version 2.2.1)  |                        |  YES

The program runs fine if the server and client are both DEC
machines.  Running the client on a Sun or IBM RT and
attempting to display the output on the VAXstation is fatal
to my entire login on the VAXstation... I end up at the
d|i|g|i|t|a|l login screen.

This problem is also present under Ultrix-32 V3.0 (Rev 64) UWS V2.0.

I would appreciate hearing from anyone who could shed some
light on the problem.  My demo program is a bit long to
post, but I will mail you a copy.


 Tim Bell        UCAR,  P.O. Box 3000    INTERNET: bellt@unidata.ucar.EDU
 (303)497-8636   Boulder, CO 80307           SPAN: 9596::BELL
