pam_apparmor
As mentioned at the beginning, network transparency is one of the central characteristics of a Unix system. X, the windowing system of Unix operating systems, can use this feature in an impressive way. With X, it is no problem to log in to a remote host and start a graphical program that is then sent over the network to be displayed on your computer.
When an X client needs to be displayed remotely using an X server,
the latter should protect the resource managed by it (the display)
from unauthorized access. In more concrete terms, certain permissions
must be given to the client program. With the X Window System, there
are two ways to do this, called host-based access control and
cookie-based access control. The former relies on the IP address of
the host where the client should run. The program to control this is
xhost
. xhost
enters the IP
address of a legitimate client into a database belonging to the X
server. However, relying on IP addresses for authentication is not
very secure. For example, if there were a second user working on the
host sending the client program, that user would have access to the X
server as well—like someone spoofing the IP address. Because of
these shortcomings, this authentication method is not described in
more detail here, but you can learn about it with
man
xhost
.
In the case of cookie-based access control, a character string is
generated that is only known to the X server and to the legitimate
user, like an ID card of some kind. This cookie is stored on login in
the file .Xauthority
in the user's home directory
and is available to any X client wanting to use the X server to display
a window. The file .Xauthority
can be examined by
the user with the tool xauth
. If you rename
.Xauthority
, or if you delete the file from your
home directory by accident, you will not be able to open any new
windows or X clients.
SSH (secure shell) can be used to encrypt a network connection and forward it to an X server transparently. This is also called X forwarding. X forwarding is achieved by simulating an X server on the server side and setting a DISPLAY variable for the shell on the remote host. Further details about SSH can be found in Chapter 15, SSH: Secure Network Operations.
If you do not consider the computer where you log in to be a secure host, do not use X forwarding. If X forwarding is enabled, an attacker could authenticate via your SSH connection. The attacker could then intrude on your X server and, for example, read your keyboard input.