Magic cookies do not address network bandwidth and latency issues, and they are a
weak solution to the access control problem. The most significant issue with using
magic cookies for access control is that they are passed across the network in plain
text, and if the network traffic is intercepted, the magic cookie will be compromised.
It can also be compromised if ~/.Xauthority can be read by an attacker.
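The check below is an added example, not code from the book: it audits a cookie file for the second exposure described above, a ~/.Xauthority readable by someone other than its owner, and reports which entries use the plain-text MIT-MAGIC-COOKIE-1 scheme. The function names and the sample record are constructed for illustration; the record layout assumed is the big-endian, length-prefixed format that libXau writes.

```python
import os
import stat
import struct

def parse_xauthority(blob):
    """Parse Xauthority records: a 2-byte family, then four length-prefixed
    fields (address, display number, auth name, auth data), all big-endian."""
    entries, pos = [], 0
    while pos < len(blob):
        (family,) = struct.unpack_from(">H", blob, pos)
        pos += 2
        fields = []
        for _ in range(4):
            (length,) = struct.unpack_from(">H", blob, pos)
            pos += 2
            if pos + length > len(blob):
                raise ValueError("truncated Xauthority record")
            fields.append(blob[pos:pos + length])
            pos += length
        address, display, name, data = fields
        entries.append({"family": family, "address": address,
                        "display": display.decode("ascii", "replace"),
                        "protocol": name.decode("ascii", "replace"),
                        "key_bytes": len(data)})  # length only, never the cookie
    return entries

def audit_xauthority(path):
    """Return a list of findings for the cookie file at `path`."""
    findings = []
    st = os.stat(path)
    if st.st_mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("mode %o: readable beyond the owner" % stat.S_IMODE(st.st_mode))
    if st.st_uid != os.getuid():
        findings.append("owned by uid %d, not the current user" % st.st_uid)
    with open(path, "rb") as fh:
        for e in parse_xauthority(fh.read()):
            if e["protocol"] == "MIT-MAGIC-COOKIE-1":
                findings.append("display %s: MIT-MAGIC-COOKIE-1 (sent in plain text)" % e["display"])
    return findings

def make_record(family, address, display, name, data):
    """Build one record in the same layout (used only for the sample below)."""
    out = struct.pack(">H", family)
    for field in (address, display, name, data):
        out += struct.pack(">H", len(field)) + field
    return out

# Constructed sample: a local-family (256) entry for display 0 with a dummy all-zero key.
SAMPLE = make_record(256, b"host1", b"0", b"MIT-MAGIC-COOKIE-1", bytes(16))
```

Run `audit_xauthority(os.path.expanduser("~/.Xauthority"))` on a workstation; an empty list means the file is owner-only and holds no magic-cookie entries.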
186 Chapter 13: Remote Access
If you are using Kerberos on your network, you can use the user-to-user
authentication scheme to manage X access control. See the
manpage for Xsecurity (Section 13.10) for more information.
13.10 The X Security Extension
Both host-based and magic cookie access control grant X server access on an
all-or-nothing basis. A finer level of control is obviously desirable in some situations.
The X Security Extension (SECURITY) was introduced in 1996 but is only entering
widespread use now, a decade later. It permits clients to be divided into two categories:
trusted and untrusted. Trusted clients are permitted to use the entire X protocol;
untrusted applications are limited in what they do; for example, they are prohibited
from accessing window images of trusted clients, so xwd (Section 6.