[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SU Problems



On Jun 2, Ed Donovan wrote
> 
> You could just add 
> 
>  xhost +localhost
> 
> to your .xinitrc file, if you don't have any xhost commands there
> already.  Jens has suggested "export XAUTHORITY=~paul/.Xauthority"; I
> don't immediately know which method would be preferable.  The xhost
> method would solve this problem for any userid, and wouldn't require
> changes to any other config files to automate it.
[snip]

... but allows any local user to connect to your X server, spy on your
keystrokes and generally wreak havoc on your machine if they feel like
it. So it's a very bad idea  Setting XAUTHORITY (or copying the .Xauthority
file) is better. Assuming nobody can snoop on the file while it is being
copied, your machine is just as secure as it was before... only users who
have the proper .Xauthority file can connect to the X server. (I've made
myself a tiny alias called 'sysadmin' which copies the .Xauthority file to
root's account and then spawns an xterm with "su - root". Works like a
charm.)

  Christian

Attachment: pgprg8TnBGhNJ.pgp
Description: PGP signature


Reply to: