X SECURITY extension gone in latest Xorg; XACE not working?
Chris Palmer
chris at isecpartners.com
Thu Apr 16 23:08:50 UTC 2009
Hello,
With a recent build of FreeBSD ports (I am on FreeBSD 7), the X SECURITY extension is nonexistent, and its functionality is missing. For example, "ssh -X" is equivalent to "ssh -Y", "xauth -f foo generate :0.0 . untrusted" doesn't work, and so on. I am developing a program (http://code.google.com/p/isolate) that depends on being able to put X clients in the "untrusted" group. I dimly understand that XACE is supposed to replace the old SECURITY extension with new and more exciting (but compatible) behavior, but currently, I get no joy either way.
On OpenBSD 4.4 and Ubuntu 8.10, SECURITY still works; I assume it's because their builds are old enough to not have whatever recent changes were made.
In the configure script for the xorg-server port, I found an option to re-enable SECURITY, and it appears to mostly work. But normal people are not going to do that, and so won't get the security features of the extension.
Any clues, explanations of how I'm missing something, et c., greatly appreciated. Thanks!
--
Chris Palmer, iSEC Partners
(415) 235 2888
More information about the freebsd-x11
mailing list