| Title: | VXT 2000 X Windows Terminal |
| Notice: | ** Customer problems: use IPMT please ** |
| Moderator: | HANNAH::CBOUDREAU |
| Created: | Wed Mar 21 1990 |
| Last Modified: | Fri May 23 1997 |
| Last Successful Update: | Fri Jun 06 1997 |
| Number of topics: | 2041 |
| Total number of notes: | 7910 |
Hi, I have a question about VXT$LAUNCH. Recently I have configured VXT$LAUNCH for use with my VXT2000. I'm running VXT$LAUNCH within a little DCL-procedure as a detached process on an Alphaserver, so the VXT$LAUNCH would try to restart if the VXT is resetted. The advantage is for example that I can start a Xsession via TCPIP with an only selection in the VXT-Start-Dialog. So far, so good. Now I have some doubts if this could be a security hole. Because the applications like CDE$SYSTEM_DEFAULTS:[BIN]XSESSION.COM are started as subprocesses from VXT$LAUNCH, I'm running the VXT$LAUNCH with my UIC. I see that at start time VXT$LAUNCH connect to the VXT-Xserver and will stop if the connection is lost . Will VXT$LAUNCH only accept commands from this connection/host address or is it possible to connect to this instance of VXT$LAUNCH from another VXT and then execute commands with my UIC? Regards, Stephan
| T.R | Title | User | Personal Name | Date | Lines |
|---|---|---|---|---|---|
| 2034.1 | VXT$LAUNCH relies on X server access control for security | GWEN::FAULKNER | Dave, 244-5855, AKO1-2/D12, Pole: F14 | Mon Mar 10 1997 15:58 | 15 |
VXT$LAUNCH is an X windows client and only listens to requests on the X
server to which it is attached. Any other VXT$LAUNCH or similar client
can send it requests provided it it is allowed to connect to the X
server. The whole mechanism is based on changing X Server properties
and using notification to VXT$LAUNCH when its property changes.
The mechanism is also specific to the host. It is possible to have
several VXT$LAUNCH demons operating on different hosts.
You can restrict access to your VXT$LAUNCH demon using standard access
control mechanisms such as xhost or VXT's own security customization.
I hope this helps.
- Dave Faulkner (VXT and Multia Support Engineering)
| |||||
| 2034.2 | Now it's clear... | MUNICH::AUEROCHS | Stephan Auerochs, CSC Munich | Tue Mar 11 1997 08:18 | 9 |
Hello Dave, thank you for this information. Now I understand when and how to use VXT$LAUNCH. I think it's not the best choice if you use Transport TCPIP, because Username in the security-list is not used with TCPIP, so other users on the host can connect a VXT$LAUNCH to your VXT-Xserver and send commands. Regards, Stephan | |||||