These classnotes are deprecated. As of 2005, I no longer teach the classes. Notes will remain online for legacy purposes.

UNIX03/X Server Security


X security is one of those things that many people ignore and hope does not come back to haunt them. On the systems that use it, which is most systems, the X subsystem has access to every keystroke and all screen output of every user, and X runs set-UID to root. A rogue X process can connect to a user's X display and capture keystrokes while that user is entering their password. Without adequate X security this is very hard to guard against.

For some of the highest security situations, it might be appropriate to not use X at all and remove it from the system. However, most people cannot live without X, so let us examine how to make X more secure.

Hostnames and Validation

As most sysadmins know, the lowest level of X security is host name validation. You allow a particular remote host to connect to your X display by asking xhost to add it to the list of approved hosts (we covered this in the previous class).

 xhost +somedomainname.com

Security involving host names and IP addresses, such as this level of X security, can be broken easily by a variety of well-known methods (see 198). To list the present access list, issue the xhost command without any arguments:

 $ xhost

Many users get lazy, so instead of issuing an xhost command for each of several systems, they grant access to every system in the world via

 $ xhost +

This lets any cracker on the Internet scan for systems having port 6000 accessible and take over that user's access. If that user happens to be root, the cracker now owns the system. One way of protecting against this is to use a firewall to block this port. Another way is to wrap SSH around X sessions (which we will not do in this class, but you can take a look at it on page 417 of the book).

$DISPLAY

Users can use the $DISPLAY environment variable to name the specific machine that X connections are sent to. Setting it this way may bypass an SSH-encrypted connection and establish an unsecured X session over a 6000-series port. It can also allow end-runs around firewalls (because you may now be relying upon foreign firewall rules).

Sysadmins must be careful when advising users to use this variable, because it can open security holes.

X -nolisten

Another solution for most "desktop" Linux systems is simply to stop X from listening on TCP port 6000 at all. To do this, supply the argument -nolisten tcp to X. One way to do this is to add the following line to $HOME/.xserverrc:

 X -nolisten tcp :0
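
The three settings covered above (the xhost access list, $DISPLAY, and -nolisten tcp) can be checked with a few shell functions. This is an added example, not part of the original class notes; the function names and result labels are assumptions of the example, and the sample inputs at the bottom are constructed.

```sh
#!/bin/sh
# Added example: audit helpers for the settings discussed in these notes.

# Classify `xhost` output read from stdin:
#   OPEN  - access control disabled (someone ran `xhost +`)
#   HOSTS - host name / IP entries on the list (spoofable, per the notes)
#   OK    - neither of the above
audit_xhost() {
    awk '/^access control disabled/ { open = 1 }
         /^INET6?:/                  { hosts = 1 }
         END { if (open) print "OPEN"
               else if (hosts) print "HOSTS"
               else print "OK" }'
}

# Classify a DISPLAY value. A host part other than loopback means a direct
# TCP session to port 6000+N that no SSH tunnel is protecting.
audit_display() {
    host=${1%:*}                    # text before the last ':'
    n=${1##*:}; n=${n%%.*}          # display number, screen suffix removed
    case "$n" in ''|*[!0-9]*) echo INVALID; return 1 ;; esac
    case "$host" in
        ''|unix)             echo LOCAL ;;      # Unix-domain socket
        localhost|127.*|::1) echo LOOPBACK ;;   # e.g. an SSH forwarding proxy
        *)                   echo "REMOTE tcp/$((6000 + n))" ;;
    esac
}

# Check an X server command line for "-nolisten tcp". On servers of the
# era these notes describe, its absence means TCP 6000+N is open; newer
# X.Org releases do not listen on TCP by default.
audit_xserver_args() {
    case " $* " in
        *" -nolisten tcp "*) echo NOLISTEN ;;
        *)                   echo TCP-NOT-DISABLED ;;
    esac
}

# Constructed sample inputs.
printf '%s\n' 'access control enabled, only authorized clients can connect' \
    'INET:somedomainname.com' 'SI:localuser:sam' | audit_xhost
audit_display 'remotehost:0'
audit_xserver_args X -nolisten tcp :0
```

On a live system, pipe the real `xhost` output into `audit_xhost` and pass "$DISPLAY" to `audit_display`.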


Last edited May 31, 2003 7:30 pm
(C) Copyright 2003 Samuel Hart
This work is licensed under a Creative Commons License.