xserver or gdm sets xhost + ; no security
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
xserver-xgl (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: xserver-xgl
I have installed Xgl and start it automatically using gdm. My custom.conf has the following added to it:
0=Xgl
[server-Xgl]
name=Xgl server
command=
flexible=true
I checked, the xserver-xgl package is from ubuntu, not from the window manager etc., no packages involved in this problem (as far as I know of course).
Now when I press ctrl-alt-backspace to get a new session, I noticed that somehow nautilus pops up on the new server (over the login screen).
I then logged on to the console with my normal user account, and was able to run an xterm with no problems (over the gdm login screen). This means I would have been able to capture anything displayed or typed to the login screen.
When I logged on, I checked using the 'xhost' program, this shows me the security is off:
'access control disabled, clients can connect from any host'
Luckily (or so netstat -a tells me) the server has the 'don't do tcp' option on, or this would be a major problem. Still an important local vulnerability.
Oh, my versions are:
xserver- xgl-7.0. 0.git.20060725- 0ubuntu2 xorg-core- 1:1.1.1- 0ubuntu12
gdm-2.16.1-0ubuntu4
xserver-
I am on an amd64 arch system, new edgy install.