Ask the Expert

Vulnerability of Xvfb on Sun Solaris

I'm using Oracle 9iAS on a Sun Solaris box for an internal application. The original requirement was to have an active X-window/server session on a workstation (for monitoring purposes). I decided against that solution and went with an Xvfb/Openlook scenario instead.

I cannot find any useful vulnerability information with Xvfb on a Sun Solaris box. Any suggestions or comments or information that I could use in making an official determination?



Xvfb is a virtual frame buffer for X windows, as I'm sure you know.

One uses it on a headless workstation so that an X application can draw into a piece of memory and not whine that there is no display on a given workstation.

I know of no security problems with Xvfb myself -- remember, it's nothing more than a piece of virtual memory pretending to be a video display card. There's not a lot to go wrong.

Now having said that, X has its own set of security issues. A decade ago, these were a much bigger deal than they are now. Standard installations of X lock down things pretty tightly. But those are things you'd have to worry about no matter what.

A search of Bugtraq for xvfb turns up two references to X11 cookie hijack problems (dating from 1998) and an XFree86 3.1.2 problem from 1996. That's a rather clean bill of health.


This was first published in April 2002
