Re: Xfree33
> > Hi,
> > I recently upgraded my Xfree setup to 3.3 from unstable. But now I seem
> > to have some problems.
> > Only the user that runs the xserver (startx) can run apps on it
> > any attempt to run an app by another user is refused. eg below;
> >
> ># xhost
> >
> >Xlib: connection to ":0.0" refused by server
> >Xlib: Invalid MIT-MAGIC-COOKIE-1 key
> >xhost: unable to open display ":0.0"
> >#
>
> Isnt this a "feature"? Did you try "xhost +"? My root-user also must not
> open windows on my (user-)screen. "xhost +" disables this.
xhost + allows more than that.
xhost + allows any user on any machine connected via a network to do
anything to your X screen. Including record every key stroke (you
don't type in passwords, do you), pop up windows, etc.
At least "xhost +machinename" allows only any user on a given machine
to do that.
Take a look at the man page for xauth, for a safe way to do that.
Basically, when the system is running, it creates a small "magic
cookie" that only it knows, that only you can read. When some program
tries to connect to the server, it asks for that magic cookie. If the
program can't provide it, the program can't talk to your server. If
you want other people (like root, or yourself logged into another
machine, or your friend next to you) to be able to talk to your screen,
you can provide them with a copy of the cookie. It is much secure than
opening up your machine to every user in the world!
--
Buddha Buck bmbuck@acsu.buffalo.edu
"Just as the strength of the Internet is chaos, so the strength of our
liberty depends upon the chaos and cacaphony of the unfettered speech
the First Amendment protects." -- A.L.A. v. U.S. Dept. of Justice
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to:
- References:
- Re: Xfree33
- From: Gernot Bauer <Gernot.Bauer@jk.uni-linz.ac.at>