[NTLUG:Discuss] X sanity check

[steve]

Leroy Tennison wrote:
> I've been reading the various X man pages noting the issues with 
> "traditional" X security and then the question came to mind "Why would 
> you want a remote client to be able to connect to your X server?"

Well, there are times when it's useful...but it's not a common thing.

I have systems where I work where the remote machines are embedded
systems with no displays of their own.  When one of them needs to tell
me something, it's kinda convenient that they can just set the DISPLAY
variable to mymachine:0.0 and open a window.  One line in a shell
script accomplishes everything you need to make that work.

But that's in a setting where none of the computers are networked to
anything outside the room they are all in - and security just isn't
important.

We tend to forget that not all computers are connected to the big,
nasty, untrustworthy Internet!

> I understand that you, sitting in front of the X server, might want to 
> be a remote client by executing a program on a remote host and that, for 
> that purpose, ssh is a good solution.  But is there any good reason why 
> a user remote to the X server would be interested in sending the output 
> to the X server?

X is considerably older than ssh - it was actually DESIGNED with the
idea that there would be a big mainframe someplace where the programs
would be run and that the end users would have computationally
lightweight terminals that understood the X protocols and did very
little else.

When X was designed, there were virtually no security concerns - that
was all back in the age of innocence where one protected the root
password and nothing else really mattered a whole lot.  The main reason
to have any kind of security at all was because in university setting,
the undergraduates would have fun doing things like remotely taking
a screen dump of someone's desktop - then pasting it back up onto
their screen so they thought the system had locked up...all very
amusing stuff needing nothing more than lightweight security.

We also had systems like the big SGI boxes where the machine had
three keyboards, three mice and three displays - and three people
could use it at once - setting DISPLAY to :0.0, :0.1 and :0.2
was very convenient (or was it :0.0, :1.0 and :2.0?  I always
forget).

The underlying communications mechanism (with all of it's ikky security
concerns) is still there even though it's quite rarely used in an
era where the computer is generally cheaper than the display it's
connected to.

> Where I'm going with this is the question "Is all this concern about X 
> security really a non-issue because there is no real need to use the 'at 
> risk' configurations?"

Right - if ssh will do it for you - then all well and good - turn off
X's permissions (which is the default) and all should be well.

X is really an anachronism - but there is such an enormous base of
software and libraries that use it that it's going to be hard to
replace.