X Window authorization

In the X Window System, programs connect to the X server, possibly via a computer network. Since the network may be accessible to other users, a method is needed to deny access to programs run by users other than the one who is logged in.

There are five standard access control mechanisms that control whether a client application can connect to an X server. They can be grouped in three categories:

# access based on host
# access based on cookie
# access based on user

Additionally, as with any other network connection, tunnelling can be used.

Host-based access

The host-based access method consists of specifying a set of hosts that are authorized to connect to the X server. This system is considered obsolete, as it allows every user who has access to such a host to connect to the display. The xhost program and three X Window System core protocol requests are used to activate this mechanism and to display and change the list of authorized hosts.

Cookie-based access

The cookie-based authorization methods are based on choosing a magic cookie (an arbitrary piece of data) and passing it to the server when it is started; every client that can prove knowledge of this cookie is then authorized to connect to the server.

These cookies are created by a separate program and stored in the file .Xauthority in the user's home directory, by default. As a result, every program run by the client on the local computer can access this file and therefore the cookie that is necessary for being authorized by the server. If the user wants to start an application from another computer on the network, the cookie has to be copied to that other computer. How the cookie is copied is a system-dependent issue: for example, on Unix-like platforms, scp can be used to copy the cookie.

The two systems using this method are MIT-MAGIC-COOKIE-1 and XDM-AUTHORIZATION-1. In the first method, the client simply sends the cookie when requested to authenticate. In the second method, a secret key is also stored in the .Xauthority file. The client creates a string by concatenating the current time, a transport-dependent identifier, and the cookie, encrypts the resulting string, and sends it to the server.

The xauth application is a utility for accessing the .Xauthority file.
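Because any process that can read .Xauthority obtains the cookie, a defender will want to check the file's permissions and see which protocols it holds. The following is an added example, not part of the original article or of xauth itself; it assumes the binary entry layout written by libXau (a 2-byte big-endian family followed by four length-prefixed fields), and the host name and all-zero cookie are constructed sample data.

```python
import os
import stat
import struct

# Subset of X address-family codes used in authority files.
FAMILIES = {0: "Internet", 6: "Internet6", 256: "Local", 65535: "Wild"}

def parse_xauthority(blob):
    """Entry = 2-byte big-endian family + four length-prefixed fields."""
    entries, pos = [], 0
    while pos < len(blob):
        values = []
        for i in range(5):
            if pos + 2 > len(blob):
                raise ValueError("truncated entry")
            (value,) = struct.unpack_from(">H", blob, pos)
            pos += 2
            if i > 0:  # after the family, the 16-bit value is a field length
                if pos + value > len(blob):
                    raise ValueError("field runs past end of file")
                value, pos = blob[pos:pos + value], pos + value
            values.append(value)
        family, address, number, name, data = values
        entries.append({"family": FAMILIES.get(family, str(family)),
                        "address": address.decode("latin-1"),  # raw for IP families
                        "display": number.decode("latin-1"),
                        "protocol": name.decode("latin-1"),
                        "secret_len": len(data)})  # never log the secret
    return entries

def audit_file(path):
    """Report loose permissions, then one line per authorization entry."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(f"{path} is accessible to group/other (mode {mode:o})")
    with open(path, "rb") as fh:
        for e in parse_xauthority(fh.read()):
            findings.append(f"{e['protocol']} for {e['address']}:{e['display']}"
                            f" ({e['secret_len']}-byte secret)")
    return findings

def make_entry(family, *fields):
    """Build one entry; used only to construct the sample input below."""
    return struct.pack(">H", family) + b"".join(
        struct.pack(">H", len(f)) + f for f in fields)

# Constructed sample: one local entry with a dummy 16-byte cookie.
SAMPLE = make_entry(256, b"examplehost", b"0", b"MIT-MAGIC-COOKIE-1", bytes(16))
```

Calling `audit_file` on a real authority file lists its entries without revealing the cookie values, and a first line about group/other access means other local accounts may be able to read the cookie.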

User-based access

The user-based access methods work by authorizing specific users to connect to the server. When a client establishes a connection to a server, it has to prove that it is controlled by an authorized user.

The two methods based on authenticating users are SUN-DES-1 and MIT-KERBEROS-5. The first system is based on a mechanism of secure remote procedure call developed in SunOS. The second mechanism is based on both client and server trusting a Kerberos server.

Tunneling

The connection between client and server over a network can be protected using a secure tunnelling protocol such as SSL or SSH.

See also

* X Window core protocol
* X Window System protocols and architecture

External links

* [http://www.xfree86.org/current/Xsecurity.7.html X security manual page]


Wikimedia Foundation. 2010.
