[kwlug disc.] Understanding the X Window System
Chris Bruner
cbruner at quadro.net
Tue Feb 6 01:57:06 EST 2007
Thanks Chris, I will be reviewing it with interest.
Chris
Chris Frey wrote:
> Hi,
>
> As promised, here is the detailed outline used for tonight's presentation.
> There were a lot of good comments during the meeting, talking about VNC's
> X server, and FreeNX (?)... please feel free to add more tips to this thread.
>
> - Chris
>
>
>
>
>
> Almost all the information presented tonight is available to you regardless
> of what desktop you use. I'll be using a lot of low level X commands
> that are on most installations by default.
>
> Ssh will also be used near the end, to point out some security considerations.
>
>
> - goals of presentation
>
> - The X model
>
> - XF86Config overview
>     - screens bigger than display size? scrolling?
>         - Virtual 2048 1024 (in Display subsection)
>     - xf86cfg (gui) and xf86config (text) config programs
>     - handy keystrokes
>         - Ctrl-Alt-Backspace
>         - Ctrl-Alt- + and -
>         - Ctrl-Alt- F1 to F12
>
>
> - Connecting to your X server
>     - display name format:
>         hostname:displaynumber.screennumber
>             hostname - computer it's running on
>             display number - which X server that's running on host
>             screen number - which monitor
>     - specify:
>         - DISPLAY env variable
>         - -display command line option
>
>
> - the X startup process
>     - starting the X server manually
>         - X :1
>             - useless
>         - xterm -display :1
>             - need a window manager!
>         - try it: fluxbox -display :1
>
>
>     - startx
>         - user friendly wrapper for xinit
>         - startup scripts in /home/user
>             - .xinitrc - default script to start up the client
>             - .xserverrc - default script for X server
>         - xinit kills the X server when client exits (last connection)
>         - specify the display number
>             startx -- :1
>
>
>     - xdm/gdm/kdm
>         - see below
>
>
> - X managers
>     - The display manager - manages logins graphically
>         - takes the place of init, getty, login
>         - via inittab or daemon
>         - xdm starts an X server based on /etc/X11/xdm/Xservers
>         - remote access from the network
>             - port 177, UDP, the xdmcp protocol
>             - has to be configured specifically for security reasons
>                 - xdm needs to be "willing"
>                 - gdm needs xdmcp turned on
>         - demo gdm
>             - turn on xdmcp in gdm config
>             - X :1 -query localhost
>
>
>     - The window manager
>         - fluxbox
>         - gnome / kde
>
>
>     - The session manager
>         - xsm
>             - place at the end of your .xinit
>             - rather limited
>         - gnome
>             - automatic session management in the logout screen
>             - when using gnome applications, can save even
>               small details
>             - try metacity
>
>
> - X fonts
>     - fonts are loaded from the server's local filesystem, or from
>       one or more font servers, or both
>     - xfontsel
>
> - Cut and paste
>     - the selection and the cut buffer
>         - selection - application holds the data for anyone that asks
>         - cut buffer - X server holds the data
>         - xcutsel
>         - http://www.realvnc.com/pipermail/vnc-list/2001-May/022320.html
>         - experiment:
>             - mozilla works with selection
>             - xterm works with both cut buffer and selection
>             - xcutsel to work with cut buffer even after mozilla
>               exits
>     - the clipboard
>         - xclipboard
>             - listens for CLIPBOARD assertions and keeps a stack of
>               string data... xterm doesn't do this, but mozilla
>               does when doing a Copy
>
>
> - X toys
>     - xsetroot
>         - xsetroot -solid black
>         - xsetroot -solid red
>         - xsetroot -bitmap pumpkin.xbm
>         - bsetroot, part of fluxbox, handles jpg's
>     - bitmap
>     - xeyes
>     - xmag
>     - xmessage
>         - xmessage -center 'Hello world!'
>         - xmessage -center -file Xpresentation.txt
>     - taking screenshots with xwd | xwud
>         - of the root window (shows everything)
>             - xwd -root
>         - of a given window
>             - xwd by itself, allows selection
>         - xwdtopnm
>             - convert to pnm
>             - ppmtopgm back.ppm | pgmtopbm | pbmtoxbm > back.xbm
>             - xwd | xwdtopnm | ppmtopgm | pgmtopbm | pbmtoxbm > window.xbm
>             - xsetroot -bitmap window.xbm
>
>
> - Poking around the X window system
>     - xmodmap
>         - xmodmap -pk (gets list of keycodes)
>
>     - xset
>         - keyboard rate:
>             - xset r rate 250 30
>         - turning autorepeat on/off per key
>             - xset -r 65 (spacebar)
>
>     - xls* family
>         - xlsclients Shows client programs currently connected
>         - xlsfonts
>             - xfd -fn <name>
>         - xlsatoms
>             - atom: (1.) A unique ID corresponding to a string
>               name. Atoms are used to identify properties,
>               types, and selections.
>
>     - info family
>         - xdpyinfo
>         - xwininfo
>             - xwininfo -tree -root
>             - xwininfo -tree (lets user select window)
>         - xfsinfo
>             - xfsinfo -server unix/localhost:7100
>         - glxinfo (not covered)
>         - xvinfo (not covered)
>
>
>     - xprop - watching properties
>         - mozilla remote
>
>     - xev - watching events
>
>
>
> - X authentication
>     - X uses "old school" security, like unix itself... there is one
>       barrier to getting in, but once you're in, you're IN!
>     - xhost
>         - allows anyone from one of the listed hostnames access
>         - leave this on, with the host list empty
>     - xauth
>         - MIT magic cookie - used on most linux installs
>         - kerberos
>     - getting access to X after running "su"
>         - xauth, merge, etc
>
>
> - X forwarding
>     - ssh -X and ssh -Y
>         - forwards a connection via TCP... often port 6010, etc
>     - how an attacker might gain access to your X server
>         - spying on the visitor (xwininfo)
>         - screen captures! (xwd)
>         - keyboard sniffing! (xev)
>         - mess with his mind!
>             - xmessage
>             - xwud a picture onto his display
>             - xkill
>     - not just hacking, but collaboration
>         - ooffice -display :0
>
>
>
> - Security recommendations
>     - never ssh -X into a machine that:
>         - you don't trust (insecure machine, possibly hacked, etc)
>         - you don't trust all people who have root on that machine
>     - turn off X forwarding with:
>         - ssh -x user@host
>         - /etc/ssh/ssh_config (client config)
>     - logins can occur via:
>         - telnet
>         - ssh
>         - the X display manager
>     - if your home directory is mounted on a network filesystem, your
>       magic cookies may be travelling the network in the clear