[Pkg-ltsp-devel] Bug#469462: X access wide open on LTSP clients

vagrant at freegeek.org vagrant at freegeek.org
Sat Mar 8 19:07:28 UTC 2008


reassign 469462 ldm
notfound 469462 5.0.40~bzr20080214-1~40.etch.0
found 469462 2:0.1~bzr20071217-1
found 469462 2:0.1~bzr20071217-1
found 469462 0.99debian11
tags 469462 patch
tags 469462 pending
thanks

now that that's out of the way...

On Wed, Mar 05, 2008 at 12:16:51PM +0100, Christian Herzog wrote:
> X connections to :6 on LTSP clients are possible from any machine on the
> network.
> 
> Some notes:
> 
> - LDM_DIRECTX = False or True does not change anything
> - on the client, X is running with the '-auth /root/.Xauthority' flag.
>   However, /root is mounted ro by default. Adding it to copy_dirs in
>   /etc/default/ltsp-client-setup allows .Xauthority to be generated, but
>   X connections are still possible.
> - using iptables rules, we could at least restrict access to the
>   terminal server

thanks for reporting this! i think i have a viable patch below that
fixes the issue, and will include in an upload shortly.

from a post i just made to ltsp-developer at lists.sourceforge.net:

if others haven't figured it out already, it seems like the "-ac" option
(disable access controls) we pass to the X server is what makes it
possible for any person knowing the ip and display number to read
keystrokes on the client and display client windows... a *nasty*
security bug.

it *seems* like the way to ditch it is to *not* pass "-ac" at all, and
to *not* use xauth at all, and it generates a "fake" xauth that isn't
stored anywhere i can find...  but ... is it insecure? it does prevent
any person knowing the ip address and display # to read/write to/from x
clients, and as a side-effect, breaks LDM_DIRECTX. i think that's ok for
the short-term, though long-term i would like to set up proper xauth.

short patch to at least partially address the issue (and hopefully not
provide a false sense of security):

# Shelved patch: only disable access control when in directx mode
--- src/ldm.c   2008-03-05 01:20:28 +0000
+++ src/ldm.c   2008-03-05 22:18:33 +0000
@@ -183,7 +183,8 @@
     argv[i++] = "-auth";
     argv[i++] = ldminfo.authfile;
     argv[i++] = "-br";
-    argv[i++] = "-ac";
+    if (ldminfo.directx)
+        argv[i++] = "-ac";
     argv[i++] = "-noreset";
     if (*ldminfo.fontpath != '\0') {
         argv[i++] = "-fp";
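Review bot: the new `if (ldminfo.directx)` branch still appends "-ac", so every client configured for direct X keeps X access control fully disabled, which is the exposure this bug reports. If direct X has to keep working, consider authorising only the terminal server (a single host entry or a shared cookie) instead of "-ac", and at minimum write a warning to ldmlog when this branch is taken so administrators can see the display is open. Note also that "-auth" with ldminfo.authfile is still passed unconditionally two lines above, so the server's behaviour depends on what that file contains.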
@@ -477,7 +478,7 @@

     fprintf(ldmlog, "Launching Xorg\n");
     launch_x();
-    create_xauth();                         /* recreate .Xauthority */
+    //create_xauth();                         /* recreate .Xauthority */

     if (!ldminfo.autologin) {
         fprintf(ldmlog, _("Spawning greeter: %s\n"), ldminfo.greeter_prog);
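Review bot: `//create_xauth();` leaves the call commented out next to its old "recreate .Xauthority" comment, with nothing in the code saying why. Since the first hunk still passes "-auth" with ldminfo.authfile to the server, either delete the call outright or replace the comment with one stating that the authority file is intentionally no longer regenerated after launch_x(), and confirm nothing later in this function expects that file to exist. The `//` comment is also out of step with the `/* */` style used on the same line.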

live well,
  vagrant
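
A defender-side check for the condition discussed in this thread, as an added example that is not part of the original message or of ldm: it inspects X server command lines for `-ac` and for an `-auth` file that is missing or empty. The function names and exit codes are assumptions made for this example, and the sample argv at the end is constructed from the arguments shown in the patch.

```shell
#!/bin/sh
# Added example, not ldm/LTSP code: flag X servers started without access control.

# audit_x_args ARG...: inspect one X server argv, print one finding per line.
# Exit status: 0 clean, 1 "-ac" present, 2 "-auth" file missing or empty, 3 both.
audit_x_args() {
    ac=0 authfile="" rc=0
    while [ $# -gt 0 ]; do
        case "$1" in
            -ac)   ac=1 ;;
            -auth) authfile="${2:-}"
                   if [ $# -ge 2 ]; then shift; fi ;;
        esac
        shift
    done
    if [ "$ac" -eq 1 ]; then
        echo "access control disabled (-ac)"
        rc=1
    fi
    if [ -n "$authfile" ] && [ ! -s "$authfile" ]; then
        echo "-auth file missing or empty: $authfile"
        rc=$((rc + 2))
    fi
    return "$rc"
}

# audit_running_x: run audit_x_args on every X/Xorg process visible in /proc
# (Linux only). Returns 1 if any server produced a finding.
audit_running_x() {
    bad=0
    nl='
'
    for dir in /proc/[0-9]*; do
        [ -r "$dir/cmdline" ] || continue
        # cmdline is NUL-separated: rebuild argv by splitting on newlines only.
        oldifs=$IFS; IFS=$nl; set -f
        set -- $(tr '\0' '\n' 2>/dev/null < "$dir/cmdline")
        set +f; IFS=$oldifs
        case "${1##*/}" in X|Xorg) ;; *) continue ;; esac
        out=$(audit_x_args "$@") || { bad=1; echo "pid ${dir#/proc/}:"; echo "$out"; }
    done
    return "$bad"
}

# Constructed argv modelled on the ldm arguments in the patch above; the
# second finding appears only if the auth file is absent on this machine.
audit_x_args X :6 -auth /root/.Xauthority -br -ac -noreset || true
```

Run `audit_running_x` as root on a thin client so that every process's `cmdline` and the auth file are readable.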




