[ Note: The windowing system described here is not related to the familiar windowing systems that run on your Microsoft Windows system or your Mac. This notice is only for those using Unix/Linux systems, an X terminal, or an X Windows emulator. MS Windows users and Mac users can safely disregard this article. The security vulnerability it describes doesn't pertain to the graphical user interface you're using. ]
Most Unix/Linux computers run a graphical user interface (GUI) or "windowing system" known as "X Windows" or "X11." The X Windows display, or "X server," is the program that accepts input from the computer's keyboard and mouse, as well as from other X11-aware programs. Access to that X server is normally controlled by one of two security mechanisms:
Unfortunately, if neither of those mechanisms is employed, essentially anyone, anywhere, can connect to the insecure X server and do things like:
Miscreants are actively searching for insecure X servers which they can abuse using this vulnerability. Because of the risk that private data may be exposed--potentially including passwords or other sensitive data--we strongly recommend that you always use MIT Magic Cookies authentication if you're running X Windows (this is generally handled for you automatically if you connect to a remote Unix server using ssh).
You should also confirm that xhost access control is enabled. To check, enter the xhost command. You should see output that looks like:
% xhost
access control enabled, only authorized clients can connect
You may also want to enter the xlsclients command to review the list of clients currently connected to your display.
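The xhost check above can be scripted. The following is an added example, not part of the original notice: a hypothetical shell function, audit_xhost, that reads xhost output on standard input and flags a disabled access control list or host-based entries. It assumes the family-prefixed entry format (INET:, INET6:, LOCAL:, SI:localuser:) that xhost uses when listing allowed hosts; the sample input is constructed.

```shell
#!/bin/sh
# Added example: classify the output of `xhost`, read from stdin.
# Prints one finding per line. Returns 0 only if access control is
# enabled and no network host is on the allow list; returns 1 otherwise.
audit_xhost() {
    status=0
    seen_header=0
    while IFS= read -r line; do
        case "$line" in
            "access control enabled"*)
                seen_header=1
                echo "OK: access control enabled" ;;
            "access control disabled"*)
                seen_header=1
                echo "FAIL: access control disabled (any host can connect)"
                status=1 ;;
            INET:*|INET6:*)
                # Hosts on the xhost list are admitted without a magic cookie.
                echo "FAIL: network host allowed by xhost: $line"
                status=1 ;;
            LOCAL:*)
                echo "WARN: all local connections allowed: $line" ;;
            SI:localuser:*)
                echo "INFO: local user allowed: $line" ;;
            "") ;;
            *)
                echo "INFO: other entry: $line" ;;
        esac
    done
    if [ "$seen_header" -eq 0 ]; then
        echo "FAIL: no access control status line found"
        status=1
    fi
    return "$status"
}

# Constructed sample output (not captured from a real system).
sample='access control enabled, only authorized clients can connect
INET:lab-host.example
SI:localuser:alice'
printf '%s\n' "$sample" | audit_xhost || echo "=> display needs attention"
```

On a live display, run it as: xhost | audit_xhost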