Re: Unidentified subject!
On Tue, 7 Jul 1998 ej@pitnet.net wrote:
> Unless explicitly told to do so using xhost, X does not allow anybody
> other than the person who started it to open windows on its desktop,
> not even root. I could never figure out the proper syntax for xhost,
> however, so I usually end up just using 'xhost +' which disables all
> access control and then 'xhost -' when I'm done.
That's pretty insecure. I've seen instances where people on our campus
(admittedly, a large one with relatively insecure systems anyway) have
had other people connect to their X displays because they'd done the
"xhost +" bit. Generally more a nuisance than a real security concern,
but still... "xhost + locahost" is only marginally more secure ... with
that one, just anyone on the x machine can connect ... so on a system
which distributes campus email, that's a few thousand people here...
Go for "sudo".
Will
--------------------------------------------------------------------------
| harpo@udel.edu lowe@cis.udel.edu lowe@debian.org |
| http://www.cis.udel.edu/~lowe/ |
| PGP Public Key: http://www.cis.udel.edu/~lowe/index.html#pgpkey |
--------------------------------------------------------------------------
--
Unsubscribe? mail -s unsubscribe debian-user-request@lists.debian.org < /dev/null
Reply to: