Re: can't connect to Xserver (127.0.0.1) anymore

["s. keeling" <keeling@spots.ab.ca>]

Incoming from Uwe Brauer:
> On 23 Apr 2004, fluch@rock.it.helsinki.fi wrote:
> 
> > On Fri, 23 Apr 2004, Uwe Brauer wrote:
> >
> >> On 22 Apr 2004, Howland@priss.com wrote:
> >>
> >> However I wonder, why does xhost + 127.0.0.1:0.0 not work anymore,
> >> if there is a change in the default behavior where has it been
> >> announced.
> >
> > Debian configured the X such that it doesn't listen to any TCP
> > connection by default for security reason.
> 
> well, it worked in woody. My question remains where has it been
> announced.

Usenet: comp.os.linux.security, and others.

> Security: now in order to use an X-application which I can use only as
> another user, I have to do
> xhost +

xhost +localhost           # IFF you must!

> Which is surely *very* insecure!!!
> As a matter of fact I don't like it at all.
> So is there any way to reactivate the old (woody) configuration which
> is for _this_ purpose more *secure*

Better, use xauth:

   xauth list                          # if you already have keys, skip next
   xauth generate .                    # perform if you have no auth file
   xauth nextract username.xa $DISPLAY # should be the only step needed.

Now login to the other machine/account.

   export DISPLAY=$REMOTE_HOSTIP:0.0
   xauth nmerge ~username/username.xa


-- 
Any technology distinguishable from magic is insufficiently advanced.
(*)               http://www.spots.ab.ca/~keeling 
- -