#17 closed defect (obsolete)
Sugar-Emulator has no access control
Reported by: | morgs | Owned by: | marcopg |
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | Sugar | Version: | 0.83.x |
Severity: | Minor | Keywords: | r- |
Cc: | luke@…, sascha_silbe | Distribution/OS: | Ubuntu |
Bug Status: | New |
Description
Sugar-Emulator uses the '-ac' flag in the Xephyr command line, which turns off access control.
This means that anyone on the network can attach to the display/keyboard/mouse and interfere with the operation of Sugar (such as running xeyes, which goes full screen and cannot be cancelled!).
Reported on Ubuntu at https://bugs.launchpad.net/ubuntu/+source/sugar/+bug/296604
Attachments (2)
Change History (12)
Changed 15 years ago by morgs
comment:1 Changed 15 years ago by lfaraone
- Cc luke@… added
Ubuntu:
"""
Slight problem with patch, 1 in 16 chance that xauth will fail as leading 0 is dropped, new to python so don't know how to fix this....
[...]
--
DEBUG:sugar-emulator:Xauth command: xauth add :3 . a3dd93f39f280dad34d58d6f301a84f
xauth: (argv):1: key contains odd number of or non-hex characters
--
Simon.
"""
comment:2 Changed 15 years ago by lfaraone
- Owner changed from marcopg to lfaraone
- Status changed from new to accepted
comment:3 Changed 15 years ago by lfaraone
- Keywords r? added
- Owner changed from lfaraone to marcopg
- Status changed from accepted to assigned
comment:4 Changed 15 years ago by mungewell
The testing of len < 32 is a bit of a nasty way to compensate for leading '0's
Slightly better way of fixing leading zeros...
change
'%s' % hex(random.getrandbits(128))[2:-1]
for
'%032X' % random.getrandbits(128)
and then you don't need the test for length.
Mungewell.
comment:5 Changed 15 years ago by marcopg
- Keywords r- added; r? removed
What about using mcookie? From man:
mcookie generates a 128-bit random hexadecimal number for use with the X authority system. Typical usage:
xauth add :0 . `mcookie`
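An added example, not part of the ticket or the Ubuntu patch: the leading-zero failure from comment:1 and the fixed-width formatting from comment:4, reproduced with the key from the debug line above. The function names and the authority file path are assumptions, and it uses Python 3 with `secrets` in place of the ticket's `random.getrandbits`.

```python
import re
import secrets

# Key from the ticket's xauth debug line: 31 hex digits, so xauth rejected it.
TICKET_KEY = "a3dd93f39f280dad34d58d6f301a84f"
COOKIE_HEX_DIGITS = 32  # MIT-MAGIC-COOKIE-1 is 128 bits = 32 hex digits


def unpadded_cookie(value):
    """Format without a fixed width: leading zero digits are lost."""
    return "%x" % value


def padded_cookie(value):
    """Zero-pad to 32 digits, as comment:4 suggests with '%032X'."""
    return "%032x" % value


def xauth_accepts(key):
    """Same condition as xauth's error: even count of hex digits only."""
    return len(key) % 2 == 0 and re.fullmatch(r"[0-9a-fA-F]+", key) is not None


def new_cookie():
    """16 bytes from the OS CSPRNG; token_hex always returns 32 digits.

    Using secrets instead of random.getrandbits is this example's choice.
    """
    return secrets.token_hex(COOKIE_HEX_DIGITS // 2)


def xauth_add_argv(authfile, display, cookie):
    """argv for 'xauth add'; '.' abbreviates MIT-MAGIC-COOKIE-1."""
    if len(cookie) != COOKIE_HEX_DIGITS or not xauth_accepts(cookie):
        raise ValueError("cookie must be exactly 32 hex digits")
    return ["xauth", "-f", authfile, "add", display, ".", cookie]


if __name__ == "__main__":
    value = int(TICKET_KEY, 16)
    for label, key in (("unpadded", unpadded_cookie(value)),
                       ("padded", padded_cookie(value))):
        print(label, key, len(key), xauth_accepts(key))
    # Hypothetical authority file path, for illustration only.
    print(xauth_add_argv("/tmp/sugar-emulator.Xauthority", ":3", new_cookie()))
```

With the cookie stored this way, the X server can be started with `-auth` pointing at the same file in place of `-ac`.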
comment:6 Changed 15 years ago by marcopg
- Bug Status set to New
- Distribution/OS set to Ubuntu
- Milestone set to 0.86
- Severity set to Minor
- Version set to 0.83.x
comment:7 Changed 15 years ago by sascha_silbe
- Cc sascha_silbe added
comment:8 Changed 14 years ago by RafaelOrtiz
Maybe mstone work can be used as a reference to fix this.
comment:9 Changed 10 years ago by godiard
- Resolution set to obsolete
- Status changed from assigned to closed
sugar-emulator not used anymore
Patch from Ubuntu ticket - Simon Mungewell