[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Some newbie questions

On Sat, 2002-07-27 at 10:46, David Z Maze wrote:
> vanillicat <vanilli@nycap.rr.com> writes:
> >
> > How about doing xhost + local:root ?
> xhost is almost always the wrong answer.  Your proposed invocation
> would completely remove all access control to the X server; this would
> be Really Bad if the default Debian settings weren't to disallow
> direct remote X connections and now is just Somewhat Bad.  (Worse
> because the original questioner is proposing to do things as root, so
> there's obvious possibilities for attackers to pick up the root
> password with a connection to the X server.)
> There are several good ways to run X applications as root which have
> come up on this list; I'd search the list archives.  'sudo' will let
> you run a single command as root (or another user), and does the right
> things to get X access.  There's also a 'sux' package which acts like
> normal su but also sets up the environment to run X commands.

As I've run into similar issues when trying to run the occasional
program while sued to root, I've found this thread to be good for new
suggestions.  I just tried the one method linked to in the Debian manual
(involving 00xfree86-common_environment .xenvironment) as it seemed a
little easier than setting up an /etc/sudoers file.  Unfortunately, it
borked X for me, so I guess I'll try sudo again.

That said, I'm genuinely confused about the previous way I did this
using "xhost + local:root" as mentioned.  Just doing "$ xhost" prints
this message:

access control enabled, only authorized clients can connect

I take this as a good sign, as it seems that access controls are in use.

Next, doing "$ xhost + local:root" as mentioned yields the following

non-network local connections being added to access control list

Here's where I started getting confused, as it appears as though access
controls are still in use, but the local root user is now being added to
the list.  Doing "$ xhost" here tells me the following:

access control enabled, only authorized clients can connect

I don't understand how this means all access control to the x server has
been removed.

Doing "$ xhost -" just to make sure that access control is enabled gives

access control enabled, only authorized clients can connect

and finally, doing "$ xhost" again gives me:

access control enabled, only authorized clients can connect

Sudo strikes me as a more elegant way to do this, but I'm genuinely
confused as to how using xhost in this way removes all access controls.

To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: