From bloom-picayune.mit.edu!mintaka.lcs.mit.edu!olivea!decwrl!mcnc!duke!khera Sun May 17 01:28:43 EDT 1992 Article: 53327 of comp.windows.x Path: bloom-picayune.mit.edu!mintaka.lcs.mit.edu!olivea!decwrl!mcnc!duke!khera From: khera@cs.duke.edu (Vivek Khera) Newsgroups: comp.windows.x Subject: Re: How exactly do I use xauth? Message-ID: Date: 17 May 92 01:43:56 GMT References: <35461@darkstar.ucsc.edu> Sender: news@duke.cs.duke.edu Organization: Duke University CS Dept., Durham, NC Lines: 121 Nntp-Posting-Host: thneed.cs.duke.edu In-reply-to: msb@cats.ucsc.edu's message of 16 May 92 09:58:49 GMT X-Md4-Signature: 57d159499c8dfab9e7fa7eda438a5743 In article <35461@darkstar.ucsc.edu> msb@cats.ucsc.edu (the MOST SIGNIFICANT bit) writes: We run X11R4 & SunOS 4.1.1 . There was a posting just a while ago that I saw, but it left me just as confused, especially since: the host that I log into is not constant (we have a version of Athena implemented here) and since we have kerberos, how would that be used instead of the "magic-cookie" thing that I've basically heard bad things about. below is a little note i put together for local users here on how to use xauth style server connection authorization. I'm curious as to what "bad things" you've heard about the magic-cookie authorization. unless you are worried about people snooping on your physical network or having an insecure file system security, you really don't have much to worry about. if you are really paranoid, you should be able to adapt the method below to use the SUN-DES (or whatever it's called) that uses sun's secure rpc mechanism. if you are more paranoid than that, you can use my kerberos modifications to X11R4. note however, that i had to make some assumptions about the environment in order to kerberize the X11R4 server (under kerberos version 4). before anyone asks, i do not have a version that is incorporated into X11R5. you can pick up the diffs to X11R4 and an associated paper that describes what i did via anonymous ftp from cs.duke.edu:dist/papers/khera. here's my "how to use mit-magic-cookie-1 at Duke" document. i have posted it here previously. Subject: making your X server more secure Date: Tue, 10 Jul 90 12:26:15 -0400 From: Vick Khera here's how i have made my X sessions more secure than just the xhost way. it is mostly transparent, and doesn't allow arbitrary users to plaster windows on my screen, or to snoop at my keyboard. even people who log into the machine i'm working on can't connect to the server. this whole scheme is based on the MIT-MAGIC-COOKIE scheme, where each client must present to the server a magic cookie to prove that it is allowed to connect. the cookie is kept in a file in your home directory (.Xauthority) which only you are allowed to read. the server reads this file when it starts up, so if you change the cookie file, you will have to restart the server to make it read the new information. normally you don't need to do this. the .Xauthority files can be merged using the xauth program. see the man page for some more details. here is how to make yourself "secure": 1. create a .xserverrc file similar to mine in your home directory. the important part is to pass the "-auth $HOME/.Xauthority" option to XSun. 2. before you start the X server, be sure to create the .Xauthority file. i wrote a shell script to do this. it is in ~khera/bin/newcookie. you must create a new .Xauthority file when you switch machines, as the name of the machine the server is on is part of the authority mechanism. this is how it knows which cookie to send to which server it is connecting to. i run newcookie from my .login file when i am logging into the console. if you run newcookie after you start the X server, you are hosed unless you can remember the random number it generated and recreate the file by hand. you will have to quit and restart the server. 3. since the "rcmd" command automatically does an xhost +, there is a new command "xrsh" which does basically the same thing without adding the host using xhost. you should replace all calls to rcmd with calls to xrsh in your .twmrc and .xinitrc (and wherever else it may be). 4. start the X server using startx. things should be secure now. all new X clients (from R4) understand this authorization scheme, so you should never need to run xhost again. in fact, xhost should report *no* hosts as being allowed in. let me know if you have problems with this if you indeed decide to try it. i have been using this at work for two weeks and tried it at school yesterday. i'm only telling you two how to do this now so i can still plaster things on other people's screens ;-). actually, if it works well for you, i'll make it generally available. v. here's my .xserverrc file: --cut here-- #!/bin/sh # for Xsun: # -ar1 NNN set keyboard repeat delay to NNN milliseconds # -ar2 NNN set keyboard repeat rate to NNN milliseconds if test -w /dev/cgthree0 -o -w /dev/cgsix0; then server=Xsun else server=XsunMono fi exec $server -ar1 250 -ar2 20 -auth $HOME/.Xauthority --cut here-- and here's my newcookie script: --cut here-- #!/bin/sh # create new .Xauthority file PATH=/usr/local/X/bin:/usr/gnu/bin:$PATH # try some security auth=$HOME/.Xauthority #cp /dev/null $auth # generate a nice long random key key=`perl -e 'srand; printf int(rand(100000000000000000))'` # add to auth file. use $key$key to make sure even length. xauth add ${HOST}/unix:0 . $key$key xauth add ${HOST}:0 . $key$key --cut here-- -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Vivek Khera, Gradual Student/Systems Guy Department of Computer Science Internet: khera@cs.duke.edu Duke University (MIME mail accepted) Durham, NC 27706 (919) 660-6528 From bloom-picayune.mit.edu!snorkelwacker.mit.edu!spool.mu.edu!nigel.msen.com!yale.edu!think.com!zaphod.mps.ohio-state.edu!sol.ctr.columbia.edu!bronze!mvanheyn@copper.ucs.indiana.edu Mon May 18 06:43:02 EDT 1992 Article: 53344 of comp.windows.x Xref: bloom-picayune.mit.edu alt.security:6684 comp.windows.x:53344 Path: bloom-picayune.mit.edu!snorkelwacker.mit.edu!spool.mu.edu!nigel.msen.com!yale.edu!think.com!zaphod.mps.ohio-state.edu!sol.ctr.columbia.edu!bronze!mvanheyn@copper.ucs.indiana.edu From: mvanheyn@copper.ucs.indiana.edu (Marc VanHeyningen) Newsgroups: alt.security,comp.windows.x Subject: Good cookies (was Re: How exactly do I use xauth?) Message-ID: <1992May17.212147.21748@bronze.ucs.indiana.edu> Date: 18 May 92 02:21:41 GMT Article-I.D.: bronze.1992May17.212147.21748 References: <35461@darkstar.ucsc.edu> Organization: Indiana University Lines: 171 [ Added alt.security to newsgroups line ] In article khera@cs.duke.edu (Vivek Khera) writes: >3. since the "rcmd" command automatically does an xhost +, there is >a new command "xrsh" which does basically the same thing without adding the >host using xhost. you should replace all calls to rcmd with calls to xrsh >in your .twmrc and .xinitrc (and wherever else it may be). Hmmm. Our xrsh does xhost; it can be instructed not to by modifying the XRSH_AUTH_TYPE variable; reasonable settings for magic cookies would be either "xauth" (will automatically copy the cookie over) or "none" (assumes you already took care of it.) >and here's my newcookie script: >--cut here-- >#!/bin/sh > ># create new .Xauthority file > >PATH=/usr/local/X/bin:/usr/gnu/bin:$PATH > ># try some security >auth=$HOME/.Xauthority >#cp /dev/null $auth > ># generate a nice long random key >key=`perl -e 'srand; printf int(rand(100000000000000000))'` ># add to auth file. use $key$key to make sure even length. >xauth add ${HOST}/unix:0 . $key$key >xauth add ${HOST}:0 . $key$key >--cut here-- Bad cookie! No security! :-) Seriously, using srand, which uses the system time() in seconds, is trivial to break if you have even an approximate idea when the cookie was generated. In addition, the key is used as a command line argument and could be seen by a well-timed ps. Since there's been so much discussion of this matter in c.w.x and a.s, I may as well post an attempt I've made at a good cookie generation algorithm. This is better than the semi-adequate one I've mailed out to several people. It generates a 128-bit cookie as four 32-bit segments, each of which is created with a different semi-random seed generated in a somewhat different fashion. One of these four seeds come in via a pipe from a command (the one I use is perl -e 'printf int(unpack("%32L*", `pstat -p`))') and the rest come from internal stuff. Provided the microsecond clock on your system has high resolution, it'll be pretty random. You should define delay_file_1 and 2 to be files which are NFS mounted on an overloaded machine which gives unpredictable response time; here at IU, the departmental news server meets those criteria. (Security through poor performance, sigh.) It won't give a cracker 128 bits of total randomness to search through, but it'll make the search space big enough to be pretty darned impractical. Commentary welcome, hope this is maybe useful. --CUT-HERE-- /* cookiegen.c, version 1.2 * Marc VanHeyningen (mvanheyn@indiana.edu) on May 15 1992 * This is a rather crude program to generate lines to work with xauth * in a reasonable fashion. It is much better than 1.0 * Useage: makeseed | cookiegen | xauth source - * it works this way so that * 1) You can use nicknames for hosts and xauth will look them up for you * 2) The key is never passed as an argument viewable with "ps" * 3) (new) makeseed gives another random seed in addition to the one * given by the microseconds clodk * my makeseed is a shell script containing the command * perl -e 'printf int(unpack("%32L*", `pstat -p`))' * it should be run on an active system to ensure randomness * which may not be present on a workstation * it, too, is passed by a pipe rather than an argument for security */ #include #include #include void srand48(); long mrand48(); main(argc,argv) int argc; char **argv; { struct timeval tp; struct timezone tzp; long extseed; char delay_file_1[] = "/usr/spool/news"; /* good: NFS mounted, unreliable */ char delay_file_2[] = "/usr/spool/mail"; /* not quite as good but OK */ char c; int fd; if ( argc != 2 ) { fprintf(stderr,"Useage: %s display-name\n",argv[0]); exit(-1); } scanf("%ld",&extseed); printf("add %s MIT-MAGIC-COOKIE-1 ",argv[1]); /* The key to the generation, we generate 4 8-digit hex values, for a total of 128 random bits. Each of the 4 values is generated a different way; the first two values are quite random, while the last couple are less random. However, given a good random seed of 32 bits for extseed and a good random microsecond clock, the search space should still be too large to be of use to a cracker. */ /* Use the microsecond clock, about 20 random bits, for the first value */ gettimeofday(&tp,&tzp); srand48(tp.tv_usec); printf("%08lx",mrand48()); #ifdef DEBUG fprintf(stderr,"Seed 1: %ld\n",tp.tv_usec); #endif /* Use the extseed, hopefully 32 random bits */ srand48(extseed); printf("%08lx",mrand48()); #ifdef DEBUG fprintf(stderr,"Seed 2: %ld\n",extseed); #endif /* Waste an amount of time which will be difficult to predict down to the nearest microsecond. It is preferable if the delay files are mounted via NFS, particuarly if they are on busy machines over heavy networks which give unpredictable response times. Note how bad networks make good security in this case... */ fd = open(delay_file_1, O_RDONLY); while(read(fd, &c, sizeof(c)) == sizeof(c)); close(fd); /* Use the updated microsecond clock, having changed some, plus the pid. Not very random, but still a few random bits. The pid is shifted over, to increase the unpredictability of the bits, since the higher-order bits of usec will be the same as in the first call. */ gettimeofday(&tp,&tzp); srand48(tp.tv_usec ^ (((long) getpid()) << 17)); printf("%08lx",mrand48()); #ifdef DEBUG fprintf(stderr,"Seed 3 usec base: %ld\n",tp.tv_usec); #endif /* Waste another indeterminate amount of time */ fd = open(delay_file_2, O_RDONLY); while(read(fd, &c, sizeof(c)) == sizeof(c)); close(fd); /* Use the updated microsecond clock plus the normal clock. Again, this isn't terribly random, but provides a few random bits. Bitshifting provides a minor advantage in randomness, since the higher order bits of tv_sec are not at all random anyway */ gettimeofday(&tp,&tzp); srand48((tp.tv_usec << 12) ^ tp.tv_sec); printf("%08lx",mrand48()); #ifdef DEBUG fprintf(stderr,"Seed 4 usec base: %ld\n",tp.tv_usec); #endif printf("\n"); } -- _ _ Marc VanHeyningen mvanheyn@indiana.edu mvanheyn@iubacs.BITNET / / \ mputer-\ | | | oky Science "Nature makes jumps." \_ \_/ gnitive/ - Hilbert