
Re: Forwarding X apps



on Sat, Oct 06, 2001 at 09:47:04PM -0700, Ben Hartshorne (ben@hartshorne.net) wrote:
> On Sat, Oct 06, 2001 at 02:31:35PM -0700, Karsten M. Self wrote:
> > on Fri, Oct 05, 2001 at 10:01:59PM -0400, Kyle Girard (kgirard@chat.carleton.ca) wrote:
> > > What does one have to do to enable X apps to be forwarded to my machine?
> > > 
> > > For two machines named debian and firewall respectively, I want to
> > > forward a display from firewall to debian
> > > 
> > > on debian:
> > > 
> > > xhost + firewall
> > 
> > NEVER, EVER, USE XHOST AUTHENTICATION TO APPROVE REMOTE CONNECTIONS.
> 
> I disagree.  

If you understand, fully, what the risks are, you can modify the rules.
I've been known to allow an xhost connection on an internal, known
network, but only for debugging purposes.

There's also a secure version of telnet now.  But most people would be
far better off thinking telnet == evil and not getting confused over
which clients are or are not secure, and/or whether or not SSL was
enabled (most telnet-ssl clients I've seen drop to non-SSL mode
automatically if SSL isn't enabled).

The people who know enough to disregard this advice know who they are.
What I'm concerned about are people just cutting their teeth on all this
stuff.  If you get in the habit of:

  - Don't log in as root (sudo instead).
  - Disable all rpc services (rhosts, rexec, rlogin, etc.).
  - Only run anonymous FTP
  - Never run telnet.
  - Never use xhosts (always SSH-forward X11 connections).
  - Don't use any clients (mail, web) which allow remote/untrusted code
    to be executed locally

...you'll lose a number of the bigger GNU/Linux security holes.

In most cases there are far better alternatives.

Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What part of "Gestalt" don't you understand?              Home of the brave
  http://gestalt-system.sourceforge.net/                    Land of the free
   Free Dmitry! Boycott Adobe! Repeal the DMCA!  http://www.freesklyarov.org
Geek for Hire                      http://kmself.home.netcom.com/resume.html
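
A check for the xhost states this thread argues about, added here as an example and not part of the original message or any Debian tool. It reads the output of `xhost` (the banner line followed by one access-list entry per line) and flags host-based grants; the two sample outputs are constructed, and the hostnames are the ones from the thread.

```shell
#!/bin/sh
# Added example: audit `xhost` output for host-based access grants.
# Expected input (stdin) is what `xhost` prints with no arguments:
#   a banner line, then entries such as INET:host, INET6:host,
#   SI:localuser:name or LOCAL:.
# Returns 0 if only authorized (cookie-authenticated) clients may
# connect, 1 if any host-based grant or an open server was found.
audit_xhost() {
  risky=0
  while IFS= read -r line; do
    case "$line" in
      "access control disabled"*)
        echo "RISK: access control disabled, any host may connect (xhost +)"
        risky=1 ;;
      INET:*|INET6:*)
        echo "RISK: host-based grant for ${line#*:} (xhost +host); any user there can reach this display, forward over ssh -X instead"
        risky=1 ;;
      "access control enabled"*|SI:*|LOCAL:*|"")
        ;;  # expected banner, server-interpreted or local-only entries
      *)
        echo "NOTE: unrecognised xhost entry: $line" ;;
    esac
  done
  return "$risky"
}

# Constructed sample: what `xhost` prints after `xhost + firewall`
# has been run on the machine "debian" from the thread.
OPEN_SAMPLE='access control enabled, only authorized clients can connect
INET:firewall'

# Constructed sample: a display that accepts cookie-authenticated
# clients only (the state ssh X11 forwarding leaves you in).
SAFE_SAMPLE='access control enabled, only authorized clients can connect
SI:localuser:kgirard'

# Count the RISK findings for a given xhost output (used by the demo below).
risk_count() {
  printf '%s\n' "$1" | audit_xhost | grep -c '^RISK'
}

# Demo run on the constructed samples; on a real host pipe `xhost | audit_xhost`.
printf '%s\n' "$OPEN_SAMPLE" | audit_xhost || echo "-> open sample flagged, $(risk_count "$OPEN_SAMPLE") finding(s)"
printf '%s\n' "$SAFE_SAMPLE" | audit_xhost && echo "-> safe sample clean"
```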
