S 4.9 Use of the security mechanisms of X Windows

Initiation responsibility: Head of IT, IT Security Officer

Implementation responsibility: Administrator

Release 5 of the X Windows software only offers a few features for increasing the security of data transmissions between the X server and the X client so that the use of the X Windows software can only be recommended in a secure environment.

• Computer-specific access control: Every X server has a list of authorised computers that can be changed using the xhost command. The list absolutely must be restricted to only those computers requiring access to the X server. Global access should not be made possible using xhost + under any circumstances. This can be accomplished by entering the corresponding computers explicitly in the xhost table. Furthermore, it must be noted that every user of an authorised computer has unrestricted access to the X server. For this reason, this type of access control can only be recommended when there are irrefutable reasons why none of the following mechanisms can be used instead.

• User-specific access control: The X server process can be configured in such a way that a key is generated when a user logs in (using xdm, for example), which is then used for authentication when transmitting data between the client and the server. This key (referred to as a MAGIC COOKIE) is stored in the home directory of the user in the .Xauthority file and can be transmitted to the X client using the xauth command. However, while the MIT-MAGIC-COOKIE mechanism must only be considered a type of password, which can be intercepted during transmission, a mechanism offering operation in conjunction with NIS and with DES encryption offers higher levels of security, and the use of such a mechanism should be preferred instead.

• Access control using Secure Shell: Communication between the X client and the X server can also be performed over a secure channel of an ssh connection (see also S 5.64 Secure Shell). In this case, access control is performed based on the computer as well as on the user. The authentication and user data is encrypted. The use of the Secure Shell is therefore recommended for the secure operation of X Windows.

Using a utility program, it is possible to convert the keyboard input of a remote computer entered in X Windows to plain text and then read it. When using the xterm program, it is possible to prevent keyboard input from being monitored by suppressing transmission of KeyPress events to other applications. To accomplish this, the secure keyboard option must be enabled in the xterm menu so that the corresponding window has exclusive access to the keyboard.

Review questions:

• Is there a regulation for securely using X Windows?
• Is there a secure access control regarding the X server?
• Is the monitoring of keyboard input in X Windows prevented?