Re: security hole in X????

To: Carlos Carvalho <carlos@riglos.fisica.ufpr.br>
Cc: debian-user@lists.debian.org
Subject: Re: security hole in X????
From: Mark Eichin <eichin@cygnus.com>
Date: 04 Jun 1996 19:37:58 -0400
Message-id: <[🔎] xe1afyj3zu1.fsf@maneki-neko.cygnus.com>
In-reply-to: Carlos Carvalho's message of Tue, 4 Jun 96 17:08 EST
References: <[🔎] m0uR2PB-000027C@riglos.fisica.ufpr.br>

If you share a home directory on both machines, and you're using xdm,
then the access is based on the .Xauthority file in your homedir.
"xauth list" should show the same thing on both systems, if this is
the case. (Generally this isn't much better -- it means you're still
vulnerable to the "magic cookie" being sniffed as it goes over the
net, but other users on the remote host can't connect as they could if
you'd used xhost...)

As for rlogin: no bug, it's just that rlogin has no mechanism to pass
environment variables (and there's no way to extend the protocol
portably, rlogin is doomed, use telnet :-)

Reply to:

References:
- security hole in X????
  - From: Carlos Carvalho <carlos@riglos.fisica.ufpr.br>

Prev by Date: Re: Multiple pp configurations
Next by Date: Re: 1200_root_floppy?
Previous by thread: Re: security hole in X????
Next by thread: Re: security hole in X????
Index(es):
- Date
- Thread