X11, SVGA and display security

X11
It’s important for you to secure your graphical display to prevent attackers from grabbing
your passwords as you type them, reading documents or information you are
reading on your screen, or even using a hole to gain root access. Running remote X
applications over a network also can be fraught with peril, allowing sniffers to see all
your interaction with the remote system.
X has a number of access-control mechanisms. The simplest of them is host-based:
you use xhost to specify the hosts that are allowed access to your display. This is not
very secure at all, because if someone has access to your machine, they can xhost +
their machine and get in easily. Also, if you have to allow access from an untrusted
machine, anyone there can compromise your display.

When using xdm (X Display Manager) to log in, you get a much better access
method: MIT-MAGIC-COOKIE-1. A 128-bit "cookie" is generated and stored in your
.Xauthority file. If you need to allow a remote machine access to your display,
you can use the xauth command and the information in your .Xauthority file
to provide access to only that connection. See the Remote-X-Apps mini-howto,
available at http://metalab.unc.edu/LDP/HOWTO/mini/Remote-X-Apps.html.
You can also use ssh (see the Section called ssh (Secure Shell) and stelnet, above) to
allow secure X connections. This has the advantage of also being transparent to the
end user, and means that no unencrypted data flows across the network.
You can also disable any remote connections to your X server by using the ’-nolisten
tcp’ options to your X server. This will prevent any network connections to your
server over tcp sockets.
Take a look at the Xsecurity man page for more information on X security. The safe
bet is to use xdm to login to your console and then use ssh to go to remote sites on
which you wish to run X programs.
SVGA
SVGAlib programs are typically SUID-root in order to access all your Linux machine’s
video hardware. This makes them very dangerous. If they crash, you typically
need to reboot your machine to get a usable console back. Make sure any SVGA
programs you are running are authentic, and can at least be somewhat trusted. Even
better, don’t run them at all.
GGI (Generic Graphics Interface project)
The Linux GGI project is trying to solve several of the problems with video interfaces
on Linux. GGI will move a small piece of the video code into the Linux kernel, and
then control access to the video system. This means GGI will be able to restore your
console at any time to a known good state. They will also allow a secure attention
key, so you can be sure that there is no Trojan horse login program running on your
console. http://synergy.caltech.edu/~ggi/