As some have pointed out, we have to compromise security with users'
needs, and in some cases this means allowing X sessions with outside
nodes. Hopefully, this means making specific exceptions in the filter
rules, specifying both source and destination node.
What are the hidden gotchas in doing that?
I talked with someone at Usenix who is using a modified su that does not
work if other hosts have access to the x server, so that you don't give
away the root password to xkey users. Sudo, dosu, su, and other utilities
all should test the state of the x server before prompting for a
password. Are there such modified sources available?
If not, how difficult is it to add the xhost check?
Is there a forum for X security?
(or is it down the hall from Military Intelligence?)
- Mac Allen