Table of Contents
Advertisement
In the case of cookie-based access control, a character string is generated that is only
known to the X server and to the legitimate user, just like an ID card of some kind. This
cookie (the word goes back not to ordinary cookies, but to Chinese fortune cookies,
which contain an epigram) is stored on login in the file .Xauthority in the user's
home directory and is available to any X client wanting to use the X server to display
a window. The file .Xauthority can be examined by the user with the tool xauth.
If you were to rename .Xauthority or if you deleted the file from your home direc-
tory by accident, you would not be able to open any new windows or X clients. Read
more about X Window System security mechanisms in the man page of Xsecurity
(man Xsecurity).
SSH (secure shell) can be used to encrypt a network connection completely and forward
it to an X server transparently without the encryption mechanism being perceived by
the user. This is also called X forwarding. X forwarding is achieved by simulating an
X server on the server side and setting a DISPLAY variable for the shell on the remote
host. Further details about SSH can be found in
erations
WARNING
If you do not consider the host where you log in to be a secure host, do not
use X forwarding. With X forwarding enabled, an attacker could authenticate
via your SSH connection to intrude on your X server and sniff your keyboard
input, for instance.
44.1.9 Buffer Overflows and Format String
As discussed in
buffer overflows and format string bugs should be classified as issues concerning both
local and network security. As with the local variants of such bugs, buffer overflows
in network programs, when successfully exploited, are mostly used to obtain root
permissions. Even if that is not the case, an attacker could use the bug to gain access
to an unprivileged local account to exploit any other vulnerabilities that might exist on
the system.
Buffer overflows and format string bugs exploitable over a network link are certainly
the most frequent form of remote attacks in general. Exploits for these—programs to
780
Deployment Guide
(page 743).
Bugs
Section 44.1.5, "Buffer Overflows and Format String Bugs"
Chapter 40, SSH: Secure Network Op-
(page 777),
Advertisement
Table of Contents
Troubleshooting
Related Manuals for Novell LINUX ENTERPRISE DESKTOP 10 SP2 - DEPLOYMENT GUIDE 08-05-2008
Related Products for Novell LINUX ENTERPRISE DESKTOP 10 SP2 - DEPLOYMENT GUIDE 08-05-2008
- NOVELL IFOLDER 3.X - SECURITY ADMINISTRATOR GUIDE 08-15-2006
- NOVELL ACCESS MANAGER 3.1 SP1 - SSL VPN SERVER GUIDE 03-17-2010
- NOVELL APPARMOR 2.0.1 - ADMINISTRATION GUIDE 05-2008
- NOVELL EDIRECTORY 8.8 - GUIDE 09-2006
- NOVELL INTELLISYNC MOBILE SUITE 7.0 - SECURE GATEWAY ADMINISTRATOR GUIDE 04-2006
- NOVELL LINUX ENTERPRISE DESKTOP 10 SP1 - START UP GUIDE 03-15-2007
- NOVELL LINUX ENTERPRISE SERVER 10 - START-UP GUIDE 06-12-2006
- NOVELL LINUX ENTERPRISE SERVER 10 SP2 - STORAGE ADMINISTRATION GUIDE 05-15-2009
- NOVELL OPEN ENTERPRISE SERVER 2 SP2 - LAB GUIDE 01-19-2010
- NOVELL SERVER CONSOLIDATION MIGRATION TOOLKIT 1.2 - ADMINISTRATION GUIDE 09-2007
- NOVELL ZENWORKS LINUX MANAGEMENT 7.2 IR2 - ADMINISTRATION GUIDE 09-25-2008
- NOVELL ZENWORKS LINUX MANAGEMENT 7.3 IR2 - ADMINISTRATION GUIDE 02-12-2010
- NOVELL SENTINEL 6.1 SP2 - INSTALLATION GUIDE 02-2010
- NOVELL ZENWORKS NETWORK ACCESS CONTROL 5.0 - INSTALLATION GUIDE 09-22-2008
- NOVELL ZENWORKS APPLICATION VIRTUALIZATION 8.0 - INTEGRATION AND STREAMING GUIDE 05-07-2010
- NOVELL PRIVILEGED USER MANAGER 2.2.1 - ADMINISTRATION GUIDE 03-31-2010