LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices


Reply
  Search this Thread
Old 06-21-2007, 11:41 PM   #1
sachinh
Member
 
Registered: Jul 2004
Location: india
Distribution: RH
Posts: 189

Rep: Reputation: 30
Strange X Problem


One of the security tool has generated reports for our production system which is RedHat Linux 2.1 installed on it.

The error in question is :

unrestricted X server access (No X server access control )

Now when I tried to goole on above error found the following help.

"""""Restrict access to server: An open X display allows anyone, anywhere to view your screen, capture keystrokes and even execute commands remotely. This is a serious vulnerability that is easily fixed using xhosts or xauth. The xhost program is used to add and delete host names or user names to the list allowed to make connections to the X server, providing a rudimentary form of privacy control and security sufficient for a workstation environment (e.g. xhost +user@host when granting access).""""""""""



So tried to disable the unwanted access using below command. But got this,

>>>xhost -
xhost: unable to open display ""
root@P04.com /root
>>>

But at the same time I get this when I run ,

>>>xauth list
P04.com:1 MIT-MAGIC-COOKIE-1 c04203fd1bdc2f31d7b249434ff4de3d
localhost.localdomain/unix:1 MIT-MAGIC-COOKIE-1 e448d1eb5e9ccce7a407ea55f06c0fe9
P01.com/unix:10 MIT-MAGIC-COOKIE-1 dd84bffa51d812943c1dba16ba2f54bb
P01.com/unix:1 MIT-MAGIC-COOKIE-1 c04203fd1bdc2f31d7b249434ff4de3d
P01.com/unix:0 MIT-MAGIC-COOKIE-1 e00708c7b585daea3ce89ef1f52bee89
P04.com/unix:10 MIT-MAGIC-COOKIE-1 0964d62871c1e842f60ad9307dfed6bf
>>>

And I have found that in /etc/sshd_config X11 Forwarding is set to Yes.

But it gives no output for

>>>echo $DISPLAY
>>>


Now I'm pretty confused as to whether the xhost is being used on this system? Or is it xauth or X11Forwarding ?? Or none ??
Then why is it that our Security Audit tool is complaining as ""unrestricted X server access (No X server access control )""

Please suggest !!!!!!!!!!!
 
Old 06-22-2007, 04:35 AM   #2
whansard
Senior Member
 
Registered: Dec 2002
Location: Mosquitoville
Distribution: RH 6.2, Gen2, Knoppix,arch, bodhi, studio, suse, mint
Posts: 3,300

Rep: Reputation: 65
from the xhost man page:

+ Access is granted to everyone, even if they aren't on the
list (i.e., access control is turned off).
- Access is restricted to only those on the list (i.e.,
access control is turned on).


so i think it's xhost -
then xhost + localhost

it's something like that anyway.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
strange problem... blackv1rus Linux - Networking 3 11-02-2005 05:56 PM
strange, strange alsa problem: sound is grainy/pixellated? fenderman11111 Linux - Software 1 11-01-2004 06:16 PM
strange problem.... shiatsu Linux - General 2 10-02-2003 05:16 PM
wx-config problem strange problem plz help glacier1985 Linux - Software 4 07-26-2003 06:20 PM
Strange problem............. LinuzRulz LQ Suggestions & Feedback 1 07-28-2002 09:03 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 08:02 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration