On Tue, Nov 17, 2009 at 08:54:09AM +0100, Arjen Markus wrote:
>
> On 2009-11-17 05:51, Alan W. Irwin wrote:
> > On 2009-11-16 20:29-0500 David A. Ventimiglia wrote:
> >
> >> Hi Alan,
> >>
> >> Thanks for the reply. I'm sorry, but I don't really understand X
> >> Windows security or the lack thereof, so I'll have to spend some time
> >> grokking this xhost business. :) In any event, it sounds like what
> >> you're saying is that this error is not a problem with Tcl, Tk, or
> >> PLplot, but rather a legitimate security hole that is either uncommon or
> >> doesn't exist at all on other Linux distros, but evidently does exist in
> >> Ubuntu Karmic Koala (at least, it does on my machine... I wonder what
> >> would happen if I'd done a clean install instead of an upgrade from
> >> Jaunty Jaguar). Is that correct? In that case, I suppose my queries
> >> should be redirected at the Ubuntu maintainers. :)
> >
> > Yes, and yes. :-)
> >
>
> I can add some further information on the issue (from the man page of
> the Tcl/Tk send command):
>
> The send command is potentially a serious security loophole. On Unix,
> any application that can connect to your X server can send scripts to
> your applications. These incoming scripts can use Tcl to read and write
> your files and invoke subprocesses under your name. Host-based access
> control such as that provided by xhost is particularly insecure, since
> it allows anyone with an account on particular hosts to connect to your
> server, and if disabled it allows anyone anywhere to connect to your
> server. In order to provide at least a small amount of security, Tk
> checks the access control being used by the server and rejects incoming
> sends unless (a) xhost-style access control is enabled (i.e. only
> certain hosts can establish connections) and (b) the list of enabled
> hosts is empty. This means that applications cannot connect to your
> server unless they use some other form of authorization such as that
> provided by xauth.
>
> Under Windows, send is currently disabled. Most of the
> functionality is provided by the dde command instead.
>
> IIRC, Tcl/Tk can be compiled with a flag that turns off this security
> check, but I do not think that is a wise thing to do.
Just to comment further, this issue has been around with Ubuntu (maybe also Debian?) for a while. It is not a security issue. The default Ubuntu setup has xhost +SI:localuser:<username>, where username is the user logged on. This allows the local user to display on the server; in particular it means that X programs started via sudo will correctly display. You can disable this, but then things like the package manager which need to run as root won't work.

I don't think this particular use of xhost is a security issue, but Tk is not that discriminating. The best course is probably to file a bug against the Tk package in Ubuntu. By default you would expect it to work... The best solution would be a patch to Tcl/Tk to allow the localuser case.

Regards

Andrew

_______________________________________________
Plplot-general mailing list
Plplot-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/plplot-general
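Added example, not part of the thread or of Tcl/Tk: a small POSIX shell function that applies Tk's two-condition rule from the man page quoted above (access control enabled AND the list of enabled entries empty) to the output of `xhost`, so you can check a desktop and see why Ubuntu's SI:localuser entry makes Tk refuse sends even though that entry only admits the logged-on local user. The function name and the three sample xhost outputs are mine (constructed, not captured from a real machine).

```shell
#!/bin/sh
# Classify an X server's xhost state the way Tk's "send" check does.
# Tk accepts incoming sends only when access control is enabled and the
# list of enabled entries is empty; any listed entry, including the
# harmless SI:localuser:<user> that Ubuntu adds, makes Tk reject them.
# Usage:  xhost | tk_send_verdict      or      tk_send_verdict "$text"
# Exit status: 0 = Tk would accept sends, 1 = rejected, 2 = unparsable.
tk_send_verdict() {
    input=${1:-$(cat)}
    status_line=$(printf '%s\n' "$input" | sed -n '1p')
    # Every non-blank line after the status line is one enabled entry.
    entries=$(printf '%s\n' "$input" | sed '1d' | sed '/^[[:space:]]*$/d')
    case $status_line in
        *"access control disabled"*)
            printf 'rejected: access control disabled (any host may connect)\n'
            return 1 ;;
        *"access control enabled"*)
            ;;
        *)
            printf 'unknown: unrecognised xhost output\n'
            return 2 ;;
    esac
    if [ -z "$entries" ]; then
        printf 'allowed: access control enabled, host list empty\n'
        return 0
    fi
    printf 'rejected: host list not empty (%s)\n' \
        "$(printf '%s' "$entries" | tr '\n' ' ')"
    return 1
}

# Constructed sample outputs in the format xhost prints (not real captures).
SAMPLE_UBUNTU='access control enabled, only authorized clients can connect
SI:localuser:dave'
SAMPLE_CLEAN='access control enabled, only authorized clients can connect'
SAMPLE_OPEN='access control disabled, clients can connect from any host'
```

Running `xhost | tk_send_verdict` on a Karmic desktop should report the localuser entry as the reason for the rejection; on a server relying only on xauth it reports "allowed".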