news@udenva.cair.du.edu (netnews) (07/18/88)
This is my first posting to xpert. Please be easy on me if this ground has been covered before. 1) Xlock.c, recently reposted needed a small fix to be portable to the HP 9000s here. The HP server uses full addresses (machine:0.0), so unix:0 didn't work. It seems the proper way to get the machine name is through the environment variable DISPLAY if it is defined; my fix was to use getenv(DISPLAY) if non-NULL, otherwise use unix:0. Perhaps unix:0.0 would be more portable? 2) The Xlock program, among other embarrassing things I have done from dumb terminals to console users, brings up the ugly spectre of what it means to have X program security. In my work environment, security not only means that a third party should not be able to blitz my screen, but has certain "Orange Book"ishness as well. The problems are too verbose to detail here, but the question is, is anyone thinking about them for implementation into the X Window System (Ok, Bob?) Version N? Is Athena looking for a forum for discussion/suggestion? My assertion is that the non-existant X security model is a disaster in the making. How can we get started in preventing it? Michael Schwartz (ncar!udenva!mschwart, MSchwartz@DOCKMASTER) -- Michael Schwartz University of Denver -- New College udenva!mschwart MSchwartz@Dockmaster.ARPA
swick@ATHENA.MIT.EDU (Ralph R. Swick) (07/19/88)
Athena will (eventually) write the glue to use our network authentication service, Kerberos (see Steiner et. al., Usenix Conference roceedings, Winter, 1988), under the connection authorization hook provided by the X protocol. This is one way to provide increased security at the Display level.
diamant@hpfclp.SDE.HP.COM (John Diamant) (07/20/88)
> It seems the proper way to get the machine name is > through the environment variable DISPLAY if it is defined; my fix was to > use getenv(DISPLAY) if non-NULL, otherwise use unix:0. Perhaps unix:0.0 > would be more portable? Actually, the proper way is to call XOpenDisplay(NULL) and let the system pick the default. The getenv(DISPLAY) is unnecessarily non-portable because it is Unix specific. XOpenDisplay will open the default display. The only time a non-null value should be passed to XOpenDisplay is if the user specified a value on the command line. Re: X security and lack of such > non-existant X security model is a disaster in the making. How can we > get started in preventing it? Well, starting a mailing list might be worth it. The biggest problems, as I see it are the lack of access control to server ids (they're all global), and the lack of user access control (as opposed to machine). Project Athena happens to have a good solution to the second one already (Kerberous). So, really the big problem is the first one. John Diamant Software Development Environments Hewlett-Packard Co. ARPA Internet: diamant@hpfclp.sde.hp.com Fort Collins, CO UUCP: {hplabs,hpfcla}!hpfclp!diamant