Re: Some newbie questions
On Sat, 2002-07-27 at 10:46, David Z Maze wrote:
> vanillicat <vanilli@nycap.rr.com> writes:
> >
> > How about doing xhost + local:root ?
>
> xhost is almost always the wrong answer. Your proposed invocation
> would completely remove all access control to the X server; this would
> be Really Bad if the default Debian settings weren't to disallow
> direct remote X connections and now is just Somewhat Bad. (Worse
> because the original questioner is proposing to do things as root, so
> there's obvious possibilities for attackers to pick up the root
> password with a connection to the X server.)
>
> There are several good ways to run X applications as root which have
> come up on this list; I'd search the list archives. 'sudo' will let
> you run a single command as root (or another user), and does the right
> things to get X access. There's also a 'sux' package which acts like
> normal su but also sets up the environment to run X commands.
As I've run into similar issues when trying to run the occasional
program while sued to root, I've found this thread to be good for new
suggestions. I just tried the one method linked to in the Debian manual
(involving 00xfree86-common_environment .xenvironment) as it seemed a
little easier than setting up an /etc/sudoers file. Unfortunately, it
borked X for me, so I guess I'll try sudo again.
That said, I'm genuinely confused about the previous way I did this
using "xhost + local:root" as mentioned. Just doing "$ xhost" prints
this message:
access control enabled, only authorized clients can connect
I take this as a good sign, as it seems that access controls are in use.
Next, doing "$ xhost + local:root" as mentioned yields the following
message:
non-network local connections being added to access control list
Here's where I started getting confused, as it appears as though access
controls are still in use, but the local root user is now being added to
the list. Doing "$ xhost" here tells me the following:
access control enabled, only authorized clients can connect
LOCAL
I don't understand how this means all access control to the x server has
been removed.
Doing "$ xhost -" just to make sure that access control is enabled gives
me:
access control enabled, only authorized clients can connect
and finally, doing "$ xhost" again gives me:
access control enabled, only authorized clients can connect
LOCAL:
Sudo strikes me as a more elegant way to do this, but I'm genuinely
confused as to how using xhost in this way removes all access controls.
--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: