tags:

views:

78

answers:

2
Q: 

X authority bypass

Hi,

I'm trying to write an application that runs as a daemon and monitors running X sessions. Right now I'm struggling to find documentation regarding the X security model. Specifically, I'm attempting to connect to running X displays from my daemon process. Calling XOpenDisplay(dispName) doesn't work, I guess because my process doesn't have permission to connect to this display. After a bit of research, it looks like I need to do something with xauth.

In my test environment, the X server is started like this:

/usr/bin/X -br -nolisten tcp :0 vt7 -auth /var/run/xauth/A:0-QBEVDj

That file contains a single entry, that looks like this:

#ffff##:  MIT-MAGIC-COOKIE-1  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

by adding an entry to ~/.Xauthority with the same hex key, I can connect to the X server. However, this is difficult because I need to programmatically find the auth file the X server is using (the location of which I guess will change from distro to distro, and probably from one boot to the next), then query it, then write a new auth file. If the process is running as a daemon, it might not have a home directory, so how do I know where to write the new entries to?

Ideally, what I'm looking for is a way to bypass the need to have the xauth cookie in ~/.Xauthority, or even to know what the cookie is at all. I realise that this is unlikely - what good is a security model if it's easily bypassed? but I'm hoping someone on this list may have a few good ideas. Is there a way to specify that my process is privileged and thus should automatically be given access to any display on the local machine?

+1  A: 

You don't have to use a home directory if you specify an XAUTHORITY environment variable, which specifies the location of the .Xauthority file. Read the xauth man page.

But, in general, it's hard to locate the auth file, for the reasons you mentioned; also, this "fishing for auth tokens" approach would only work for local displays.

With regard to letting root (or some other user) connect to an X server willy-nilly, you'd probably have to patch the source code to do this, and you'd have to use something like getpeereid to obtain the connecting user's uid/gid (this only works on Unix-domain sockets, which I presume would be the type used for local connections, anyway).

Chris Jester-Young  2009-08-19 12:14:28
Thanks. I am only interested in local connections. I'm able to modify local configuration files when I install my application, but modifying the X server source code and patching the X server upon installation is out of the question.
Thomi  2009-08-19 14:24:36
+1  A: 

Xauth is not the only security mechanism for X

There is also another one (less secure) that just performs IP based authentication (See xhost).

So if you switch your X server to this less secure mode it will trust any connections coming from the defined set of IPs.

This way you do not need to deal with Xauthority at all.

kazanaki  2009-08-19 13:25:02
Thanks. I'm aware of the xhost-based authentication mechanism. Perhaps this is the best way to go. Ideally I don't want to change the existing authentication mechanism at all, since I'm now messing with the user's configuration (can you imagine the uproar amongst security-concious users when I change to the least secure authentication mechanism so my application can run?).
Thomi  2009-08-19 14:26:47
I will say that I would never run an application that required me to switch off xauth, so I understand the whole "uproar amongst security-conscious users".
Chris Jester-Young  2009-08-19 14:49:04
Okay. Here's a compromise that probably won't make sysadmins want to kill you. Maybe. Use xhost and enable access from a private IP (e.g., 127.1.2.3). Get the sysadmin to set up firewall rules that only allow connections to 127.1.2.3 if the socket belongs to root (or whatever). Done.
Chris Jester-Young  2009-08-19 14:59:26

related questions

grep a file, but show several surrounding lines?
VMWare Server Under Linux Secondary NIC connection
Should I move from C++ to Python? ... Or another language?
Globus Toolkit virtual machine
How to avoid redefining VERSION, PACKAGE, etc.
How do I setup Public-Key Authentication?
showing a message box from a bash script in linux
Best Linux Distro for Computer Repair
Mapping my custom keys in Debian
Any IcedTea war stories?
How do you find the age of a long-running Linux process?
Personal Linux web server
Programmatically talking to a Serial Port in OS X or Linux
what's in your .bashrc ?
Linux - files and scripts that execute on boot
Text Editor For Linux (Besides Vi)?
Lightweight IDE for Linux
Shell scripting input redirection oddities
XML Editing/Viewing Software
What should a longtime Windows user know when starting to use Linux?
Gtk SSH client for Linux?
Getting root permissions on a file inside of vi?
Is it possible to drag windows between workspaces when using Compiz?
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?