I was referring to running MGR clients over rlogin/telnet/slip, not X clients.
Yes I know X clients talk to the server via unencrypted connections over the network -- I developed a multi player X11 version of SimCity whose client connected to multiple players' servers at the same time. But as FullyFunctional rightly pointed out, X11 networking is "hackish and awkward and filled with issues". So I removed the multi player networking feature when I ported SimCity to the OLPC XO-1 Children's Computer for kids to use, since it was unthinkable to expect kids to deal safely with X-Windows network security using xauth or setting up ssh tunnels.
David Chapman describes some of the problems with X-Windows "MIT-MAGIC-COOKIE-1" authentication in the book "Unix-Haters Handbook" chapter "X-Windows Disaster" section "Myth: X Makes Unix 'Easy to Use'":
From: David Chapman <zvona@gang-of-four.stanford.edu>
To: UNIX-HATERS
Subject: MIT-MAGIC-COOKIE-1
For the first time today I tried to use X for the purpose for which it was intended, namely cross-network display. So I got a telnet window from boris, where I was logged in and running X, to akbar, where my program runs. Ran the program and it dumped core. Oh. No doubt there’s some magic I have to do to turn cross-network X on. That’s stupid. OK, ask the unix wizard. You say “setenv DISPLAY boris:0”. Presumably this means that X is too stupid to figure out where you are coming from, or unix is too stupid to tell it. Well, that’s unix for you. (Better not speculate about what the 0 is for.)
Run the program again. Now it tells me that the server is not authorized to talk to the client. Talk to the unix wizard again. Oh, yes, you have have to run xauth, to tell it that it’s OK for boris to talk to akbar. This is done on a per-user basis for some reason. I give this ten seconds of thought: what sort of security violation is this going to help with? Can’t come up with any model. Oh, well, just run xauth and don’t worry about it. xauth has a command processor and wants to have a long talk with you. It manipulates a .Xauthority file, apparently. OK, presumably we want to add an entry for boris. Do:
xauth> help add
add dpyname protoname hexkey add entry
Well, that’s not very helpful. Presumably dpy is unix for “display” and protoname must be… uh… right, protocol name. What the hell protocol am I supposed to use? Why should I have to know? Well, maybe it will default sensibly. Since we set the DISPLAY variable to “boris:0”, maybe that’s a dpyname.
xauth> add boris:0 xauth: (stdin):4 bad “add” command line
Great. I suppose I’ll need to know what a hexkey is, too. I thought that was the tool I used for locking the strings into the Floyd Rose on my guitar. Oh, well, let’s look at the man page.
I won’t include the whole man page here; you might want to man xauth yourself, for a good joke. Here’s the explanation of the add command:
add displayname protocolname hexkey
An authorization entry for the indicated display using the given protocol and key data is added to the authorization file. The data is specified as an even-lengthed string of hexadecimal digits, each pair representing one octet. The first digit gives the most significant 4 bits of the octet and the second digit gives the least significant 4 bits. A protocol name consisting of just a single period is treated as an abbreviation for MIT-MAGIC-COOKIE-1.
This is obviously totally out of control. In order to run a program across the fucking network I’m supposed to be typing in strings of hexadecimal digits which do god knows what using a program that has a special abbreviation for MIT-MAGIC-COOKIE-1?? And what the hell kind of a name for a network protocol is THAT? Why is it so important that it’s the default protocol name?
Fuck this shit.
Obviously it is Allah’s will that I throw the unix box out the window. I submit to the will of Allah.
> X11 networking is "hackish and awkward and filled with issues
It doesn’t just allow random people to pop up a window on your display and annoy you. It allows them to see everything you do and everything you type and control your applications without you seeing it.
It’s not that it’s awkward and has some issues. It’s a security hole by design and that’s what makes it unusable.
And that is aside from the security risks posed to the client by an untrusted server (and all the other untrusted clients connected to it) and to the server by an untrusted client.
I’m not sure though what the problem is with X through SSH, it’s 99% transparent, the biggest issue is that, if you ssh to an untrusted server, you allow that server to connect to your X server and see what you are doing and what you type and control all your applications.
> Oh, the joy of being an university student with time to spare on a lab of cluessles people about the mighty powers of xhost -.
Or a large investment bank in NYC with Suns on everyone’s desk. Trading floors are hotbeds of middle school behavior. NSFW pics popping up on your screen randomly. Screenshots of shared with the entire office. Ahhhh, those were the days.
Yes I know X clients talk to the server via unencrypted connections over the network -- I developed a multi player X11 version of SimCity whose client connected to multiple players' servers at the same time. But as FullyFunctional rightly pointed out, X11 networking is "hackish and awkward and filled with issues". So I removed the multi player networking feature when I ported SimCity to the OLPC XO-1 Children's Computer for kids to use, since it was unthinkable to expect kids to deal safely with X-Windows network security using xauth or setting up ssh tunnels.
https://www.youtube.com/watch?v=_fVl4dGwUrA
https://www.youtube.com/watch?v=EpKhh10K-j0
David Chapman describes some of the problems with X-Windows "MIT-MAGIC-COOKIE-1" authentication in the book "Unix-Haters Handbook" chapter "X-Windows Disaster" section "Myth: X Makes Unix 'Easy to Use'":
https://donhopkins.medium.com/the-x-windows-disaster-128d398...
Date: Wed, 30 Jan 91 15:35:46 -0800
From: David Chapman <zvona@gang-of-four.stanford.edu>
To: UNIX-HATERS
Subject: MIT-MAGIC-COOKIE-1
For the first time today I tried to use X for the purpose for which it was intended, namely cross-network display. So I got a telnet window from boris, where I was logged in and running X, to akbar, where my program runs. Ran the program and it dumped core. Oh. No doubt there’s some magic I have to do to turn cross-network X on. That’s stupid. OK, ask the unix wizard. You say “setenv DISPLAY boris:0”. Presumably this means that X is too stupid to figure out where you are coming from, or unix is too stupid to tell it. Well, that’s unix for you. (Better not speculate about what the 0 is for.)
Run the program again. Now it tells me that the server is not authorized to talk to the client. Talk to the unix wizard again. Oh, yes, you have have to run xauth, to tell it that it’s OK for boris to talk to akbar. This is done on a per-user basis for some reason. I give this ten seconds of thought: what sort of security violation is this going to help with? Can’t come up with any model. Oh, well, just run xauth and don’t worry about it. xauth has a command processor and wants to have a long talk with you. It manipulates a .Xauthority file, apparently. OK, presumably we want to add an entry for boris. Do:
xauth> help add
add dpyname protoname hexkey add entry
Well, that’s not very helpful. Presumably dpy is unix for “display” and protoname must be… uh… right, protocol name. What the hell protocol am I supposed to use? Why should I have to know? Well, maybe it will default sensibly. Since we set the DISPLAY variable to “boris:0”, maybe that’s a dpyname.
xauth> add boris:0 xauth: (stdin):4 bad “add” command line
Great. I suppose I’ll need to know what a hexkey is, too. I thought that was the tool I used for locking the strings into the Floyd Rose on my guitar. Oh, well, let’s look at the man page.
I won’t include the whole man page here; you might want to man xauth yourself, for a good joke. Here’s the explanation of the add command:
add displayname protocolname hexkey
An authorization entry for the indicated display using the given protocol and key data is added to the authorization file. The data is specified as an even-lengthed string of hexadecimal digits, each pair representing one octet. The first digit gives the most significant 4 bits of the octet and the second digit gives the least significant 4 bits. A protocol name consisting of just a single period is treated as an abbreviation for MIT-MAGIC-COOKIE-1.
This is obviously totally out of control. In order to run a program across the fucking network I’m supposed to be typing in strings of hexadecimal digits which do god knows what using a program that has a special abbreviation for MIT-MAGIC-COOKIE-1?? And what the hell kind of a name for a network protocol is THAT? Why is it so important that it’s the default protocol name?
Fuck this shit.
Obviously it is Allah’s will that I throw the unix box out the window. I submit to the will of Allah.