
Re: Forwarding X apps



On Sat, Oct 06, 2001 at 02:31:35PM -0700, Karsten M. Self wrote:
> on Fri, Oct 05, 2001 at 10:01:59PM -0400, Kyle Girard (kgirard@chat.carleton.ca) wrote:
> > What does one have to do to enable X apps to be forwarded to my machine?
> > 
> > For two machines named debian and firewall respectively, I want to
> > forward a display from firewall to debian
> > 
> > on debian:
> > 
> > xhost + firewall
> 
> NEVER, EVER, USE XHOST AUTHENTICATION TO APPROVE REMOTE CONNECTIONS.

I disagree.  (Sorry, Karsten!)  I agree that one should not use xhost on
any machine on the outside.  But if I'm sitting on my home network with
4 other people (who all have root on my machine anyway) working on a
project, and we're all plugged into my hub behind my firewall, and
there's nobody else on my network, I really don't see the harm in
setting xhost + other_hosts.  Considering that I build the firewall and
trust that it would block X connections, and I trust fully all the other
people on my network, hxxl, I may as well enable telnet.  

Any Never Ever statement does not take into account the current
situation.  There are times when it's ok to use xhost, when it's ok to
use telnet, so long as you know who else is on your network and what
they might be doing.  

> 
> There are few absolutes, this is one of them.  xhost is an obsolete,
> insecure, spoofable, authentication protocol.

which you shouldn't use if you care about being spoofed, rooted, or
actually authenticating anyone.  :)

-ben

-- 
Ben Hartshorne	...Discarding smoothly, as we disembark,
ben@hartshorne.net All thoughts that held us wiser for a moment
ben.hartshorne.net Up there, alone, in the impartial dark. -M. Oliver
My PGP key is at /pgp.txt.  Please encrypt all communications.
