Path: utzoo!attcan!uunet!seismo!sundc!pitstop!sun!amdcad!ames!mailrus!tut.cis.ohio-state.edu!rutgers!ucsd!ucbvax!bloom-beacon!EXPO.LCS.MIT.EDU!rws
From: rws@EXPO.LCS.MIT.EDU (Bob Scheifler)
Newsgroups: comp.windows.x
Subject: Re: X11R3 security hole needs attention
Message-ID: <8903201259.AA21057@EXPIRE.LCS.MIT.EDU>
Date: 20 Mar 89 12:59:47 GMT
References: <8903171835.aa07658@SPARK.BRL.MIL>
Sender: daemon@bloom-beacon.MIT.EDU
Organization: The Internet
Lines: 10

> Any chance we (xpert) could get a short description from you of the
> simple security scheme you are running at MIT?

In broad terms, it's this: xdm and the server find a way to share a secret
(e.g. through data in a file readable only by root). When the user logs in,
xdm makes some form of that secret available to the user (e.g. through data
in a file readable only by that user). XOpenDisplay is modified to know where
to find this information, and uses it to prove to the server that it knows
the secret. The server only accepts connections from clients that know the
secret.
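The scheme sketched above, as an added example that is not from the post or from the X distribution: xdm, the server and the client are simulated in one process, and the file names, the 16-byte cookie length and the constant-time comparison are assumptions, not details the post gives.

```python
import hmac
import os
import secrets
import tempfile

COOKIE_LEN = 16  # assumed size of the shared secret


def _write_private(path, data):
    """Create the file with mode 0600 so only its owner can read the secret."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)


def xdm_generate_secret(server_file):
    """xdm and the server share a secret through a file only root can read."""
    cookie = secrets.token_bytes(COOKIE_LEN)
    _write_private(server_file, cookie)
    return cookie


def xdm_hand_secret_to_user(server_file, user_file):
    """At login, xdm copies the secret into a file readable only by that user."""
    with open(server_file, "rb") as f:
        _write_private(user_file, f.read())


def client_open_display(user_file):
    """Stand-in for the modified XOpenDisplay: fetch the cookie to present it."""
    with open(user_file, "rb") as f:
        return f.read()


def server_accepts(server_file, presented):
    """The server admits a connection only if the client proves it knows the secret."""
    with open(server_file, "rb") as f:
        expected = f.read()
    return hmac.compare_digest(expected, presented)  # constant-time compare


def demo():
    """Run the exchange once; a client without the cookie must be refused."""
    with tempfile.TemporaryDirectory() as d:
        server_file = os.path.join(d, "server-cookie")   # assumed name
        user_file = os.path.join(d, "Xauthority")        # assumed name
        xdm_generate_secret(server_file)
        xdm_hand_secret_to_user(server_file, user_file)
        good = server_accepts(server_file, client_open_display(user_file))
        bad = server_accepts(server_file, secrets.token_bytes(COOKIE_LEN))
        mode = oct(os.stat(user_file).st_mode & 0o777)
        return good, bad, mode


if __name__ == "__main__":
    print(demo())
```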