[Pkg-fglrx-devel] Bug#625868: Bug#625868: auth event shows secret xauth cookie on command line
Vincent Zweije
vincent at zweije.nl
Mon May 9 08:01:36 UTC 2011
On Mon, May 09, 2011 at 08:57:24AM +0200, Patrick Matth?i wrote:
|| Am 08.05.2011 23:58, schrieb Vincent Zweije:
|| >On Sun, May 08, 2011 at 11:51:40PM +0200, Vincent Zweije wrote:
|| >
|| >|| Looking at /etc/ati/authatieventsd.sh, this piece of code is wrong:
|| >
|| >||> revoke)
|| >||> if [ `pinky -fs | awk '{ if ($3 == "'$2'" || $(NF) == "'$2'" ) { print $1; exit; } }'` ]; then
|| >||> user=`pinky -fs | awk '{ if ($3 == "'$2'" || $(NF) == "'$2'" ) { print $1; exit; } }'`
|| >||> su $user -c "xauth -f $3 remove $2" || exit -1
|| >||> else
|| >||> xauth -f $3 remove $2 || exit -1
|| >||
|| >|| And strictly speaking, the same twice here, but the secret is being
|| >|| removed so exploiting its knowledge would be very hard though not
|| >|| theoretically impossible. Anyway, if your fixing the grant case, do the
|| >|| revoke case at the same time so they use the same method. It's just good
|| >|| software engineering.
|| >
|| >I think I had my eyes crossed here. No secret cookie is being mentioned,
|| >only the display name which is not secret.
|| Do you want to say, that the security part of this bug could be closed?
Sorry, no, only that the "revoke" part has no security problem. The
"grant" part still does.
|| Sorry yes I mean 11-4, not 10-4 :)
Right. Well, if the offending code is gone in 11-4 that would be the
end of the problem, but even without checking I suspect it's still there.
Ciao. Vincent.
--
Vincent Zweije <vincent at zweije.nl> | "If you're flamed in a group you
<http://www.xs4all.nl/~zweije/> | don't read, does anybody get burnt?"
[Xhost should be taken out and shot] | -- Paul Tomblin on a.s.r.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-fglrx-devel/attachments/20110509/85de2267/attachment-0001.pgp>
More information about the Pkg-fglrx-devel
mailing list