Make cookie for XDM-AUTHORIZATION-1 more unique: msg#00010 freedesktop.xlibs.general
Does anyone object to the patch below? It is to make the XDM-AUTHORIZATION-1 cookie for local connections more unique. In this case the cookie currently consists of a timestamp (in seconds), the PID and a 'unique' 32-bit number obtained by decreasing the static variable unix_addr by one every time this function is called.

I had a case where an application (gimp-remove) did: XOpenDisplay() execve() XOpenDisplay()

This way the PID remains the same but unix_addr gets reinitialized. As both calls to XOpenDisplay() happened within the same second, the timestamp was too coarse-grained to create a different cookie.

Related to this: I remember Jim mentioning once that we may be able to ship the DES code in Xdmcp/Wraphelp.c if X.Org meets some requirement of the US government. If so, we can deprecate MIT-MAGIC-COOKIE-1, which (if used across the wire) is even worse than host-based authorization.

Cheers, Egbert.

--- a/lib/X11/ConnDis.c 24 Apr 2004 23:39:25 -0000 1.3 +++ b/lib/X11/ConnDis.c 11 May 2004 09:39:56 -0000 @@ -1127,15 +1127,20 @@ static unsigned long unix_addr = 0xFFFFFFFF; unsigned long the_addr; unsigned short the_port; + unsigned long the_utime; + struct timeval tp; + X_GETTIMEOFDAY(&tp); _XLockMutex(_Xglobal_lock); the_addr = unix_addr--; _XUnlockMutex(_Xglobal_lock); + the_utime = (unsigned long) tp.tv_usec; the_port = getpid (); - - xdmcp_data[j++] = (the_addr >> 24) & 0xFF; - xdmcp_data[j++] = (the_addr >> 16) & 0xFF; - xdmcp_data[j++] = (the_addr >> 8) & 0xFF; + + xdmcp_data[j++] = (the_utime >> 24) & 0xFF; + xdmcp_data[j++] = (the_utime >> 16) & 0xFF; + xdmcp_data[j++] = ((the_utime >> 8) & 0xF0) + | ((the_addr >> 8) & 0x0F); xdmcp_data[j++] = (the_addr >> 0) & 0xFF; xdmcp_data[j++] = (the_port >> 8) & 0xFF; xdmcp_data[j++] = (the_port >> 0) & 0xFF;
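Review bot: The shifts applied to the_utime discard most of the microsecond value, so the added uniqueness is weaker than it looks. tv_usec is always below 1000000 and therefore fits in 20 bits, which means `(the_utime >> 24) & 0xFF` is always zero, `(the_utime >> 16) & 0xFF` carries only bits 16 to 19, and `(the_utime >> 8) & 0xF0` carries bits 12 to 15. The low 12 bits of the microsecond count never reach xdmcp_data, giving a granularity of 4096 microseconds, and one of the four bytes is a constant. Two XOpenDisplay() calls on either side of an execve() that land in the same 4096 microsecond window within the same second would still yield the same cookie, because unix_addr restarts at 0xFFFFFFFF. Consider packing all 20 bits instead, for example (the_utime >> 12) & 0xFF, (the_utime >> 4) & 0xFF, and ((the_utime << 4) & 0xF0) | ((the_addr >> 8) & 0x0F), which keeps the 12-bit counter and uses the full microsecond resolution. Separately, the counter shrinks from 32 to 12 bits here; a comment next to the packing stating that trade-off and the layout of the four bytes would help later readers.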