Re: Some newbie questions

To: debian-user@lists.debian.org
Subject: Re: Some newbie questions
From: vanillicat <vanilli@nycap.rr.com>
Date: 27 Jul 2002 11:43:42 -0400
Message-id: <[🔎] 1027784622.8853.12.camel@europa>
In-reply-to: <[🔎] y68d6t9ut28.fsf@multics.mit.edu>
References: <[🔎] 1027723076.3004.8.camel@shawes> <[🔎] 20020727072033.GA25318@ursine.dyndns.org> <[🔎] 1027755395.1598.12.camel@europa> <[🔎] y68d6t9ut28.fsf@multics.mit.edu>

On Sat, 2002-07-27 at 10:46, David Z Maze wrote:
> vanillicat <vanilli@nycap.rr.com> writes:
> >
> > How about doing xhost + local:root ?
> 
> xhost is almost always the wrong answer.  Your proposed invocation
> would completely remove all access control to the X server; this would
> be Really Bad if the default Debian settings weren't to disallow
> direct remote X connections and now is just Somewhat Bad.  (Worse
> because the original questioner is proposing to do things as root, so
> there's obvious possibilities for attackers to pick up the root
> password with a connection to the X server.)
> 
> There are several good ways to run X applications as root which have
> come up on this list; I'd search the list archives.  'sudo' will let
> you run a single command as root (or another user), and does the right
> things to get X access.  There's also a 'sux' package which acts like
> normal su but also sets up the environment to run X commands.

As I've run into similar issues when trying to run the occasional
program while sued to root, I've found this thread to be good for new
suggestions.  I just tried the one method linked to in the Debian manual
(involving 00xfree86-common_environment .xenvironment) as it seemed a
little easier than setting up an /etc/sudoers file.  Unfortunately, it
borked X for me, so I guess I'll try sudo again.

That said, I'm genuinely confused about the previous way I did this
using "xhost + local:root" as mentioned.  Just doing "$ xhost" prints
this message:

access control enabled, only authorized clients can connect

I take this as a good sign, as it seems that access controls are in use.

Next, doing "$ xhost + local:root" as mentioned yields the following
message:

non-network local connections being added to access control list

Here's where I started getting confused, as it appears as though access
controls are still in use, but the local root user is now being added to
the list.  Doing "$ xhost" here tells me the following:

access control enabled, only authorized clients can connect
LOCAL

I don't understand how this means all access control to the x server has
been removed.

Doing "$ xhost -" just to make sure that access control is enabled gives
me:

access control enabled, only authorized clients can connect

and finally, doing "$ xhost" again gives me:

access control enabled, only authorized clients can connect
LOCAL:

Sudo strikes me as a more elegant way to do this, but I'm genuinely
confused as to how using xhost in this way removes all access controls.

-- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: Some newbie questions
  - From: Osamu Aoki <debian@aokiconsulting.com>
- Re: Some newbie questions
  - From: Osamu Aoki <debian@aokiconsulting.com>

References:
- Some newbie questions
  - From: "Shea J. Hawes" <shawes@eou.edu>
- Re: Some newbie questions
  - From: Paul Johnson <baloo@ursine.dyndns.org>
- Re: Some newbie questions
  - From: vanillicat <vanilli@nycap.rr.com>
- Re: Some newbie questions
  - From: David Z Maze <dmaze@debian.org>

Prev by Date: Re: About to give up: No X after upgrade from Potato to Woody
Next by Date: Re: j2re1.3 and sid
Previous by thread: Re: Some newbie questions
Next by thread: Re: Some newbie questions
Index(es):
- Date
- Thread