> Joe is a skilled sysadmin with good UNIX security knowledge. His
> personal workstation is highly protected and his pager gets an alarm
> when someone tries to portscan any of his machines. At the end of the
> day, to relax a bit, he connects to a public server (with ssh of
> course) using a non-privileged account. He then starts Netscape to
> enjoy the latest Tamagotchi Java applet. A few minutes later, he hears
> his local disk spinning while his home directory is being destroyed...
>
> How can this be possible?
>
> Exploiting yet another flaw in Java/Netscape, a bad guy gets read
> access to his non-privileged account. From here, he can connect to the
> X server on Joe's workstation using the ssh X forwarding
> capability. He then simply sends "rm -fr ~" to a Tk/Tcl application,
> locally running on Joe's workstation...
One page describes a program that I wrote (named mxconns) that may
help you to protect your X server.
If you are interested, have a look at
http://wwwinfo.cern.ch/dis/security/x/
Comments, additions, etc. are welcome!
________________________________________________________
Lionel Cons http://wwwinfo.cern.ch/~cons
CERN http://www.cern.ch
-
Hinds' 6th Law of Computer Programming
Program complexity grows until it exceeds the capability of the
programmer who must maintain it.
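As an added example from the defender's side (not part of the original post, and not mxconns), a Python check of an OpenSSH client config for the exposure described above: whether a given host gets X forwarding at all, and whether it is trusted forwarding (full access to the local X server) or the untrusted kind. The sample config and host names are constructed; it assumes the current upstream OpenSSH defaults (ForwardX11 no, ForwardX11Trusted no), which some distributions override in /etc/ssh/ssh_config.

```python
import fnmatch

# Constructed sample ~/.ssh/config (not from the original post).
SAMPLE_CONFIG = """\
Host legacy-dev
    ForwardX11 yes
    ForwardX11Trusted yes
Host public-shell.example.org
    ForwardX11 yes
Host *
    ForwardX11 no
    ForwardX11Trusted no
"""

def parse_ssh_config(text):
    """Split an OpenSSH client config into (host_patterns, options) blocks.
    Keywords are case-insensitive; 'Key value' form only; Match blocks and
    '!pattern' negation are not handled (assumption of this example)."""
    blocks, patterns, opts = [], ["*"], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "host":
            blocks.append((patterns, opts))
            patterns, opts = value.split(), {}
        else:
            opts.setdefault(key, value)  # first occurrence in a block wins
    blocks.append((patterns, opts))
    return blocks

def effective_option(blocks, host, key, default):
    """OpenSSH keeps the first obtained value for each keyword, so the first
    matching Host block that sets the option wins, not the last one."""
    key = key.lower()
    for patterns, opts in blocks:
        if key in opts and any(fnmatch.fnmatchcase(host, p) for p in patterns):
            return opts[key].lower()
    return default

def x11_forwarding_risk(config_text, host):
    """'none': no X forwarding; 'limited': untrusted forwarding (remote clients
    restricted by the X SECURITY extension); 'high': trusted forwarding."""
    blocks = parse_ssh_config(config_text)
    if effective_option(blocks, host, "ForwardX11", "no") != "yes":
        return "none"
    trusted = effective_option(blocks, host, "ForwardX11Trusted", "no")
    return "high" if trusted == "yes" else "limited"
```

With trusted forwarding, a client on the remote end has the same access to the local display as Joe's own Tk/Tcl application, which is exactly the channel the quoted scenario abuses.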