Re: restrict x server access with xhost

To: debian-user@lists.debian.org
Subject: Re: restrict x server access with xhost
From: David Z Maze <dmaze@debian.org>
Date: Tue, 24 Jun 2003 12:34:17 -0400
Message-id: <[🔎] 87of0n4epi.fsf@cag.lcs.mit.edu>
In-reply-to: <[🔎] 3EF7FF72.9080902@pusspaws.net> (David selby's message of "Tue, 24 Jun 2003 08:36:18 +0100")
References: <[🔎] 3EF7FF72.9080902@pusspaws.net>

David selby <debian@pusspaws.net> writes:

> I can enable other users to log into my x server with xhost +, I need
> to do this because I want ro run a program via user web crontab which
> uses xmessage.

Uh, there's no better solution at all?  With the default Debian
settings, the X server doesn't listen on a TCP port anyways, and so
xhost is pretty useless.  'xhost +' makes it possible for ANY USER
ANYWHERE IN THE WORLD to access your X server, spy on your keystrokes,
capture passwords you type into xterms, that sort of thing: you
*really* don't want to do it.

> Idealy I would like only root user to be able to access my x server
> ... (less users who can access it, more secure ... rule of thumb) so I
> tried ...

...having some way for the cron job to figure out who the user logged
into :0.0 is, and setting the XAUTHORITY environment variable to
/home/$THATUSER/.Xauthority before running the job.

You might read the Remote-X-Apps mini-HOWTO, which discusses X
security controls in some detail.

-- 
David Maze         dmaze@debian.org      http://people.debian.org/~dmaze/
"Theoretical politics is interesting.  Politicking should be illegal."
	-- Abra Mitchell

Reply to:

Follow-Ups:
- Re: restrict x server access with xhost
  - From: David selby <debian@pusspaws.net>

References:
- restrict x server access with xhost
  - From: David selby <debian@pusspaws.net>

Prev by Date: Re: .Xclients, .xinitrc, .xsessions not read by sys what to use?
Next by Date: Re: Evolution
Previous by thread: restrict x server access with xhost
Next by thread: Re: restrict x server access with xhost
Index(es):
- Date
- Thread