Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!udel!haven!mimsy!mojo!stripes
From: stripes@eng.umd.edu (Joshua Osborne)
Newsgroups: comp.windows.x
Subject: Re: Spy X Window
Message-ID: <1990Jul30.221801.16865@eng.umd.edu>
Date: 30 Jul 90 22:18:01 GMT
References: <194@melpar.UUCP> <9070004@hpavla.AVO.HP.COM>
Sender: news@eng.umd.edu (The News System)
Organization: College of Engineering, Maryversity of Uniland, College Park
Lines: 31

In article <9070004@hpavla.AVO.HP.COM> almquist@hpavla.AVO.HP.COM (Mike Almquist) writes:

>Hi, its me again - the guy that started this discussion, etal.  From a real
>world situation, being able to see what is going on another terminal is GREAT.
>From an academic situation it gets tricky.  Both Jim Hopkins and der Mouse
>talked about the one thing that caused me to scream about terminal monitoring,
>SCREENDUMPING.  In the past I have known of students that have gotten copies
>of exams from teacher's screens.  All they have to do is to do a periodic
>screendump.  Simple as that.  I've even known of some teachers that have left
>their exams readable (they deserved to get screwed - prof. are suppose to
>w better).  Yes, there are ways around screendumping, etc.  Modify the source
>(at school we did this initially), touch this touch that, restrict this
>restrict that, etc.  Thats what I hate.  We shouldn't be spending our time
>with issue such as security.  We should be pushing back the edges of our field
>not babysitting.  Its unfortunate but that's human nature I guess.

There are 2 simple soultions.  The first appys to anyone who runs X, esp on
a 'puter that can be loged into remotly.  First, use MIT-COOKIE-1, setting
xdm up to do it for you is the easyest way to go, adding cookies by hand or
with a program you'll need to write is also Ok.  Second, if you use a sun
install SunOS4.1, use the sample file they have to "secure" all the
/dev stuff that needs to be secured (/dev/fb, /dev/cg*, /dev/audio...).

There is also a non-simple answer: change human nature.  That's not in
my job description 'tho...
-- 
           stripes@eng.umd.edu          "Security for Unix is like
      Josh_Osborne@Real_World,The          Mutitasking for MS-DOS"
      "The dyslexic porgramer"                  - Kevin Lockwood
"Don't try to change C into some nice, safe, portable programming language
 with all sharp edges removed, pick another language."  - John Limpert