[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Simple little basic config questions



>   hb>   $ xhost +local
>   hb>   non-network local connection being added to access control list
>   hb>   $ su
>   hb>   Password:
>   hb>   #
> 
> Well this doesn't prove anything: you have to run an X application as
> root before you can know whether it worked or not.
> 
> This is still a bad idea, though, because anyone who can log into your
> box (via telnet or whatever) can access your X server.  And anyone who
> can access your X server can see every key you type, everything that
> appears on your screen, etc. etc.

Paul, you and Colin and Kent have persuaded me a) to use command line
when I'm doing maintenance as root, b) run sudo. So now I need to undo
the above. The man seems to suggest # xhost -local. Should that be
done again as user?

> It's not the default because, as above, it's a very insecure and silly
> thing to do.  If you were able to start X applications from the command
> line after running "su" on a Red Hat box, like this:
> 
>   $ su
>   Password:
> 
>   # xclock
> 
> then Red Hat must have opened up access to the X server, which is very,
> very bad.  I'm _SURE_ they've fixed this by now, if they ever did it at
> all.

I am persuaded.
 
> You should be reading Colin's posts: he's got the right answers.  Here
> are some notes which might help you:

I read your notes with interest, and indeed you helped clarify
things. Only now, I've got somehow to undo the xhost command I issued
before. 

Haines



Reply to: