
Re: X11 server connection



Karsten M. Self said:

>> #export DISPLAY=localhost:0.0
>> $xhost +localhost
>
> Very bad idea.  This opens your X session to any user.  If you're using a
> truly brain-dead configuration, this means any host which can see yours on
> the network can read or write your X connection.

I don't understand why this is bad. I mean, xhost + is usually a bad
idea, but xhost +some_address should restrict it to that one address.

Of course, if you have multiple users on the same machine it's a bad
idea; my systems are generally single user (at least systems with X).

But I still have to resort to using xhost +some_address for systems
that don't have ssh (it can be a real bitch to get ssh working on
some platforms, strictly non-linux/bsd speaking).

My former employer makes a popular commercial X server/thin client
solution, and at least at one point (not sure if they fixed it) the
system ran by default without any access controls (xhost +), though
the X server did not listen for TCP connections, so you had to be
on the same machine in order to do anything. I was really surprised
when they said that; they acted like it wasn't anything bad :/
especially since the software was used on thin clients, usually with
multiple users logged in at once. I don't think customers ever
noticed/complained even.

nate
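
The distinction argued over in this message, host-wide grants versus per-user ones, can be checked from the list that `xhost` prints when run with no arguments. The script below is an added example, not part of the original message; the function name `audit_xhost`, the sample output and the assumed entry formats (`INET:`, `LOCAL:`, `SI:localuser:`) are constructed for illustration.

```shell
#!/bin/sh
# Classify the access list printed by `xhost` (run with no arguments).
# Reads that output on stdin.
# Exit status: 0 = only per-user entries
#              1 = at least one host-wide entry (e.g. from `xhost +localhost`)
#              2 = access control disabled (the effect of a bare `xhost +`)
audit_xhost() {
    xh_rc=0
    while IFS= read -r line; do
        case "$line" in
            "access control disabled"*)
                echo "OPEN: access control is off for every client that can reach the server"
                xh_rc=2 ;;
            "access control enabled"*|"")
                ;;  # status line or blank line: nothing to report
            SI:localuser:*)
                # Server-interpreted entry: scoped to one local account.
                echo "user: ${line#SI:localuser:}" ;;
            SI:*)
                echo "other: $line" ;;
            *)
                # Host-based entry (INET:, INET6:, LOCAL:, ...): applies to
                # every account on that host, not to one person.
                echo "HOST: $line"
                if [ "$xh_rc" -lt 1 ]; then xh_rc=1; fi ;;
        esac
    done
    return "$xh_rc"
}

# Constructed sample: what the list might look like after `xhost +localhost`
# plus a per-user grant for a hypothetical account "nate".
SAMPLE='access control enabled, only authorized clients can connect
INET:localhost
SI:localuser:nate'

printf '%s\n' "$SAMPLE" | audit_xhost || echo "exit status: $?"
```

On a live session the same check is `xhost | audit_xhost`; a non-zero status means the display is reachable by more than named local accounts.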
