Re: xhosts question..
On Mon, 3 May 1999, Allen B. Riddell wrote:
>Ok, I'm using xdm and everything, when I su to root from my normal account
>and try to use x programs -- the program yells at me and tells me to use
>xhost to add whatever host to the list of approved addresses...
>
>Anyway -- so I get out of the shell and type xhost localhost or something
>like that -- then I su back and everything works fine.
>
>I've read "man xhost" or xhosts, can't remember which -- but anyway, I
>can't decipher if there is some file that controls access that I could just
>add localhost or whatever to and avoid this whole mess in the first place?
my understanding is that xhost is NOT the preferred way of handling
this, although if you are not worried about nasty people getting onto
you machine, it is certainly the simplest.
If you are not real security worried, just put "xhost +yourhostname"
(basically, the command you are already using) in your .xsession (I
think that's the right file) or something.
If you ARE careful about security issues, or you just want to establish
good habits, use the xauth command instead. It's a little more work,
but it's much more secure.
I use the following command from a script as root:
su mstenner -c 'xauth nextract - :0' | xauth nmerge -
OK... I THINK that's the command I use. I'm at work at the moment. In
any event, this command and the xauth manpage should tell you what you
need to get started. You may need to explicitly tell xauth which files
to use (see the -f option)
The major reason that the latter method is more secure than the former:
it allows only root to access your X session. xhost +localhost allows
anyone on your machine to run x applications in your session, and to do
some really nasty things (capture keystrokes) and some entertaining
things (move your mouse pointer, change your background...)
You decide :)
-Michael
Reply to: