
Re: X connection from outside



On Tue, 2002-03-05 at 09:34, Philippe Ribet wrote:
> David Dooling wrote:
> 
> > In woody, it is forbidden by default everywhere an X server might be
> > started, namely the display managers.  Find the configuration file(s)
> > for your display manager (xdm, gdm, kdm, wdm, ...) and grep for
> > 'nolisten'.  Then remove the '-nolisten tcp' option from the X command
> > line.
> 
> Thanks for the tip, removing -nolisten tcp in /etc/X11/xinit/xserverrc and
> /etc/X11/xdm/Xservers solved the problem.
> 
> May the default behaviour be without -nolisten tcp in woody. It's simpler for
> everybody, isn't it?

Ummm.... no.  It is simpler for the bad guys, yes, but not for those of
us that prefer not to have our systems broken into by every passing
idiot.  With what you just did, J. Random Hacker can open windows on
your screen, grab screenshots, monitor your keystrokes, move your mouse,
type things for you, etc, and all they have to know is your IP address. 
'xhost +' on a machine connected to the Internet is less secure than an
unpatched Windows 98 machine running Outlook.

Fortunately, there are other good ways to do what you're trying to do
('ssh -X' is good for remote hosts, 'sux' for "su with x" is good for
the host you're really sitting at), so making such a change towards
insecurity is unnecessary.


-- 
Stephen Ryan                                        Debian GNU/Linux
Technology Coordinator
Center for Educational Outcomes
at Dartmouth College
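
The check discussed in this thread (grep the X startup files for 'nolisten'), as an added example that is not part of the original message: a script that flags X server command lines missing '-nolisten tcp'. The file names come from the thread; the server binary names it matches and the sample file contents are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the original message): audit X startup files for
# server command lines that would accept TCP connections.

# Print each non-comment line of FILE that launches an X server binary
# (X, Xorg or XFree86: an assumed set of names) without '-nolisten tcp'.
# Returns 0 if clean, 1 if an exposed line was found, 2 if FILE is unreadable.
audit_x_config() {
    [ -r "$1" ] || return 2
    exposed=$(grep -vE '^[[:space:]]*(#|$)' "$1" \
        | grep -E '(^|[/[:space:]])(X|Xorg|XFree86)([[:space:]]|$)' \
        | grep -vE -- '-nolisten[[:space:]]+tcp([[:space:]]|$)') || true
    if [ -n "$exposed" ]; then
        printf '%s: X server started without -nolisten tcp:\n%s\n' "$1" "$exposed"
        return 1
    fi
    return 0
}

# Constructed sample files (not copied from a real system): one xserverrc
# that keeps the option and one Xservers file with the option removed.
write_samples() {
    printf '%s\n' '#!/bin/sh' \
        'exec /usr/bin/X11/X -dpi 100 -nolisten tcp' > "$1/xserverrc"
    printf '%s\n' '# Xservers file' \
        ':0 local /usr/bin/X11/X vt7 -dpi 100' > "$1/Xservers"
}

# With no arguments, audit the constructed samples; otherwise audit the
# files named on the command line, e.g. the two paths from the thread.
main() {
    status=0
    tmp=
    if [ "$#" -eq 0 ]; then
        tmp=$(mktemp -d) || return 2
        write_samples "$tmp"
        set -- "$tmp/xserverrc" "$tmp/Xservers"
    fi
    for f in "$@"; do
        audit_x_config "$f" || status=$?
    done
    [ -z "$tmp" ] || rm -rf "$tmp"
    return "$status"
}

main "$@" || echo "audit finished with status $?"
```

Run it with /etc/X11/xinit/xserverrc and /etc/X11/xdm/Xservers as arguments to audit the files named in the thread.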


