Re: problems with running remote X programs
On Sat, Jun 15, 2002 at 11:40:21PM -0700, Karsten M. Self wrote:
> on Fri, Jun 14, 2002, Colin Watson (cjwatson@debian.org) wrote:
> > Yes. Remove '-nolisten tcp' from whatever starts your X server if you
^^^^^^
["want to do this" snipped, but let's consider that underlined as well]
> Don't do that. It's there for a reason. X11 is an insecure,
> unauthenticated, protocol. Use other means (ssh with X11 forwarding) to
> tunnel it remotely if necessary.
Quite - but I have found environments where using plain remote X is
useful. For instance, at work we have an internal network, and nobody
there is going to attempt to hijack my X session. ssh is not installed
on all the bizarre Unix systems that we have lying around, and I have
much better things to do than spend a few days compiling it everywhere
when it doesn't contribute a jot to my job description and really isn't
necessary. Occasionally I need to run an X application remotely, and
disabling '-nolisten tcp' is quite safe in this context and is by far
the simplest solution.
It is appropriate to tell people that a secure alternative exists and
should be used wherever possible; it is also appropriate to remember
that, as long as you know what you're doing, the secure alternative is
not always what you want. I would venture to suggest that internal
networks where all other hosts are trusted are common enough
environments for Debian systems that I don't think I have to suppress
this particular piece of knowledge. Naturally, if your system is
connected directly to the wider Internet then you need to take that into
account in everything you do and use secure protocols like ssh in
preference.
I apologize for not spelling this out in detail.
--
Colin Watson [cjwatson@flatline.org.uk]
--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: