Scientific Linux


Linux X Server Security
 Posted: Jan 16 2012, 03:33 AM

SLF Geek

Group: Members
Posts: 259
Member No.: 18
Joined: 11-April 11

The X server allows an X client to:

* Snoop on the screen by reading its contents.
* Snoop on the keyboard.
* Take control of other X clients by sending them keyboard and mouse events.
* Impersonate other X clients by using their names in window title bars.
* Discover what other X clients are running.
* Steal the input focus.
* Deny service by grabbing the pointer or keyboard or the whole server.
* Deny service by consuming the X server's resources.

What's a realistic defense strategy?

One thing is to not enter the root password on any desktop application (including xterm).

Suppose I also want to protect the data in my home directory. If I open xterm in the same X session as, say, Firefox or a compromised PDF, then I am screwed, as the malware can send keystrokes to xterm?

Can JavaScript screw me anyway? I.e., run downloaded malware files?

What is the solution? Run multiple X servers at the same time (can be done)? Use X-server-less consoles (CTRL+ALT+F2) for entering passwords?

An example of keyloggers:

(I tried, the keylogger works :( )

Related discussion:

 Posted: Mar 3 2012, 06:38 PM

SLF Member

Group: Members
Posts: 97
Member No.: 1325
Joined: 24-February 12

I just wrote a HowTo about sandbox, a new feature in SL 6.x. It solves the problem in question by creating a separate X server for every sandboxed process using Xephyr. Thought you might want to take a look.
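What the two posts above are getting at, shown as an added example (this is not code from the thread or from the SL sandbox package): give the untrusted program its own nested X server so it shares no display, and no cookie, with the xterm where passwords are typed. The script assumes Xephyr, xauth, mcookie and xwininfo are installed (xorg-x11-server-Xephyr, xorg-x11-xauth, util-linux, xorg-x11-utils); the helper names and the display-picking logic are this example's own.

```bash
#!/bin/bash
# Added example: run an untrusted X client on its own nested X server (Xephyr).
# Helper names below are this example's own, not an SL or Xephyr API.

# Display number from a DISPLAY string: ":1" -> 1, ":1.0" -> 1, "localhost:10.0" -> 10
display_number() {
    local d="${1#*:}"             # drop the "host:" part
    printf '%s\n' "${d%%.*}"      # drop the ".screen" part
}

# Unix socket an X server on that display listens on; every local client,
# trusted or not, talks to the server through this path.
display_socket() {
    printf '/tmp/.X11-unix/X%s\n' "$(display_number "$1")"
}

# First display number that is not in use, starting at :1 (:0 is the real desktop)
free_display() {
    local n=1
    while [ -e "$(display_socket ":$n")" ] || [ -e "/tmp/.X$n-lock" ]; do
        n=$((n + 1))
    done
    printf ':%s\n' "$n"
}

# Any client on a display can list every other client's windows ("discover what
# other X clients are running" in the first post). Compare :0 with the nested display.
show_clients() {
    DISPLAY="$1" xwininfo -root -tree
}

# Start a nested server with a fresh cookie in a private auth file, run PROGRAM
# inside it, then tear everything down.
run_isolated() {
    local new authfile cookie xpid i
    new=$(free_display)
    authfile=$(mktemp)
    cookie=$(mcookie)                       # 128-bit random cookie
    xauth -f "$authfile" add "$new" MIT-MAGIC-COOKIE-1 "$cookie"

    # Xephyr is itself only a client of the outer $DISPLAY. -nolisten tcp keeps
    # the nested server off the network; -auth limits it to holders of the cookie.
    Xephyr "$new" -auth "$authfile" -nolisten tcp -screen 1024x768 &
    xpid=$!
    for i in $(seq 1 50); do                # wait up to ~5 s for the socket
        [ -S "$(display_socket "$new")" ] && break
        sleep 0.1
    done

    # The program sees only the nested display; its XAUTHORITY holds no :0 cookie.
    DISPLAY="$new" XAUTHORITY="$authfile" "$@"

    kill "$xpid" 2>/dev/null
    rm -f "$authfile"
}

if [ $# -gt 0 ]; then
    run_isolated "$@"       # e.g. ./xephyr-isolate.sh firefox
fi
```

Two caveats a practitioner should keep in mind. The isolation is one-directional: a client confined to :1 cannot read keystrokes on :0 or push events at an xterm there, but everything on :0 can still watch the Xephyr window, since its contents are drawn on :0. And the private auth file only helps if the confined program cannot simply read ~/.Xauthority, which holds the :0 cookie; that is why the SL6 sandbox (policycoreutils-sandbox, e.g. `sandbox -X -t sandbox_web_t firefox`) pairs the Xephyr display with an SELinux label and a private home and /tmp rather than relying on Xephyr alone.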
 Posted: Mar 13 2012, 03:29 PM

SLF Moderator

Group: Moderators
Posts: 672
Member No.: 4
Joined: 8-April 11

Hi there,
IMHO, if you block the X server port at the iptables level and if you forbid users to log in via ssh to your box (so that they can't tunnel TCP connections), or you control what they tunnel/forward, then it's pretty safe.

Another matter would be if you want people to connect to your X server and you want a secure X server while people are connected; I don't have experience with this, so I can't say educatedly.

cheers :)
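The network side of the post above, as an added example (not the moderator's own script): check whether the running X server accepts TCP clients, whether anything is bound to the X port range, whether sshd still allows X11 or TCP forwarding, and print the iptables rules that close the port range on every interface but loopback. The helper names and the sample sshd_config fragments and Xorg command line are constructed for this example; the sshd defaults assumed are X11Forwarding=no and AllowTcpForwarding=yes.

```bash
#!/bin/bash
# Added example: audit the network exposure of X on an SL6-style box.
# Covers only TCP listeners and ssh tunnels; local clients on the Unix
# socket (the first post's concern) are out of scope here.

# 0 if an X server command line would accept TCP clients (no "-nolisten tcp").
# Older X.org builds such as SL6's need the flag; gdm normally passes it.
x_listens_tcp() {
    case " $1 " in
        *" -nolisten tcp "*) return 1 ;;
        *) return 0 ;;
    esac
}

# Read `ss -ltn` (or `netstat -ltn`) output on stdin; print local sockets bound
# to the X port range 6000-6063 (displays :0 to :63).
x_tcp_listeners() {
    awk '$4 ~ /:60[0-5][0-9]$|:606[0-3]$/ { print $4 }'
}

# First effective value of KEYWORD in an sshd_config. sshd uses the first match,
# and anything after a Match block is conditional, so stop there.
sshd_option() {   # sshd_option FILE KEYWORD DEFAULT
    local v
    v=$(awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ { next }
        tolower($1) == "match" { exit }
        NF >= 2 && tolower($1) == key { print tolower($2); exit }' "$1")
    printf '%s\n' "${v:-$3}"
}

# Both tunnelling paths closed globally?
sshd_forwarding_closed() {
    [ "$(sshd_option "$1" X11Forwarding no)" = no ] &&
    [ "$(sshd_option "$1" AllowTcpForwarding yes)" = no ]
}

# The rules the post suggests: drop the X port range except on loopback.
x11_firewall_rules() {
    printf '%s\n' \
        'iptables -A INPUT -p tcp --dport 6000:6063 ! -i lo -j DROP' \
        'ip6tables -A INPUT -p tcp --dport 6000:6063 ! -i lo -j DROP'
}

# Constructed sample data so the checks can be exercised offline.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/sshd_config.default" <<'EOF'
# constructed sample: stock-like fragment, forwarding left open
Port 22
#X11Forwarding no
X11Forwarding yes
EOF
cat > "$SAMPLE_DIR/sshd_config.hardened" <<'EOF'
# constructed sample: tunnelling closed globally, reopened for one admin host only
X11Forwarding no
AllowTcpForwarding no
Match Address 192.0.2.10
    AllowTcpForwarding yes
EOF
SAMPLE_XORG_CMD='/usr/bin/Xorg :0 -nr -verbose -audit 4 -auth /var/run/gdm/auth-for-gdm-abc123/database -nolisten tcp vt1'

# Live audit of this machine (run as: ./x-net-audit.sh audit)
audit() {
    local cmd
    cmd=$(ps -o args= -C Xorg | head -n 1)
    if [ -n "$cmd" ] && x_listens_tcp "$cmd"; then
        echo "WARN: X server started without -nolisten tcp: $cmd"
    fi
    ss -ltn | x_tcp_listeners | sed 's/^/WARN: X port bound: /'
    if ! sshd_forwarding_closed /etc/ssh/sshd_config; then
        echo "WARN: sshd allows X11 or TCP forwarding"
    fi
    echo "Suggested firewall rules:"; x11_firewall_rules
}

if [ "${1:-}" = audit ]; then
    audit
fi
```

The iptables rules and `-nolisten tcp` only keep remote clients out; a process already running as you on the same box connects over the Unix socket and is unaffected, which is the gap the Xephyr approach in the earlier reply is meant to close.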
