75046.606@CompuServe.COM (Larry W. Virden) (09/15/89)
I am looking DESPERATELY for information regarding attempts to 'secure' the X window environment. References to papers, books, disserations, work in progress, committees, etc. would be appreciated. I think I am aware of primarily two security problems in x - are there numerous other ones? Is there a mailing list discussing these specific problems?
lwb@WLV.IMSD.CONTEL.COM (Les Beears) (09/21/89)
Security in X windows is a major problem. This issue was addressed at the Xhibition in a conference which was entitled something like "X security, an oxymoron?". X windows lacks even the normal security (discresionary access conrtol) which is normally provided to objects within the system. Once a host is given access to an X server any user on that host can do anything to the X server. This means that any client can move or delete windows, or capture keystrokes. No special privilege is required to execute any of the X commands. Kerberos is the project Athena attempt at network security, but it does nothing to make X itself more secure.