[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Unidentified subject!

On Tue, 7 Jul 1998 ej@pitnet.net wrote:

> Unless explicitly told to do so using xhost, X does not allow anybody
> other than the person who started it to open windows on its desktop,
> not even root.  I could never figure out the proper syntax for xhost,
> however, so I usually end up just using 'xhost +' which disables all
> access control and then 'xhost -' when I'm done.

That's pretty insecure.  I've seen instances where people on our campus
(admittedly,  a large one with relatively insecure systems anyway) have
had other people connect to their X displays because they'd done the  
"xhost +" bit.  Generally more a nuisance than a real security concern,
but still... "xhost + locahost" is only marginally more secure ... with
that one,  just anyone on the x machine can connect ... so on a system
which distributes campus email,  that's a few thousand people here...

Go for "sudo".
                     					Will


--------------------------------------------------------------------------
|             harpo@udel.edu lowe@cis.udel.edu lowe@debian.org           |
|			http://www.cis.udel.edu/~lowe/		         |
|    PGP Public Key:  http://www.cis.udel.edu/~lowe/index.html#pgpkey    |
--------------------------------------------------------------------------



--  
Unsubscribe?  mail -s unsubscribe debian-user-request@lists.debian.org < /dev/null
Reply to: