XDMCP security?




I just discovered that taking away the shell from a user (leaving him only
with pop) won't stop him from getting a shell if he opens an X session
through XDMCP (i.e. any win95 station and a few freewares :-(

I was stupid enough to overlook this until now because I didn't dig into
X security (dumb, I know).

first stage was to limit xdm's responses to my LAN only, but it isn't good
enough for me...

deleting the users' .xsession is a partial solution, but they can undo
that, and creating a .xsession owned by root (non-rewritable by the user)
seems like an awkward solution. ideas anyone?


   -------------------------------------------------------------
   Ira Abramov          <ira@scso.com>        Scalable Solutions
   SITE Web Presence ("webspace for rent") http://www.site.co.il
   Beeper 48484 at 03-610-6666, 02-6294-666  FAX (972)2-643-0471
   POBox 3600, Jerusalem 91035, Israel       Tel (972)2-642-6822
   http://www.scso.com/~ira   Check out: http://www.linux.org.il
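
An added audit example, not part of the original post: it lists the accounts whose login shell is not in an approved-shells file (the "shell taken away" accounts described above) and whether each one currently has a ~/.xsession. The function names, the minimum-UID cutoff of 1000 and the sample passwd/shells data are constructed assumptions.

```shell
#!/bin/sh
# Added audit example, not from the original post. Names and the UID cutoff
# are assumptions; the fixture data below is constructed.

# pop_only_accounts PASSWD SHELLS [MIN_UID] -> "user:home" per account whose
# login shell is not in SHELLS (an empty shell field means /bin/sh).
pop_only_accounts() {
    awk -F: -v min="${3:-1000}" '
        NR == FNR { if ($0 != "" && $0 !~ /^#/) ok[$0] = 1; next }
        NF < 7 || $3 < min { next }   # skip malformed lines, system accounts
        { shell = ($7 == "") ? "/bin/sh" : $7
          if (!(shell in ok)) print $1 ":" $6 }
    ' "$2" "$1"
}

# audit_xdm_exposure PASSWD SHELLS [MIN_UID] -> "user present|absent",
# where the state is whether that account's ~/.xsession exists.
audit_xdm_exposure() {
    pop_only_accounts "$@" | while IFS=: read -r user home; do
        if [ -e "$home/.xsession" ]; then state=present; else state=absent; fi
        printf '%s %s\n' "$user" "$state"
    done
}

# Constructed fixture: sample passwd/shells files and home directories.
make_fixture() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/home/alice" "$d/home/bob" "$d/home/carol"
    : > "$d/home/bob/.xsession"
    cat > "$d/shells" <<EOF
/bin/sh
/bin/bash
EOF
    cat > "$d/passwd" <<EOF
daemon:x:2:2:daemon:/sbin:/sbin/nologin
alice:x:1001:100:shell user:$d/home/alice:/bin/bash
bob:x:1002:100:pop only:$d/home/bob:/bin/false
carol:x:1003:100:pop only:$d/home/carol:/sbin/nologin
dave:x:1004:100:empty shell field:$d/home/dave:
EOF
    echo "$d"
}

fixture=$(make_fixture)
audit_xdm_exposure "$fixture/passwd" "$fixture/shells"
rm -rf "$fixture"
```

Against a live system, pass `/etc/passwd` and `/etc/shells` in place of the fixture files.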