If you are running an Xserver with export DISPLAY=WWW.XXX.YYY.ZZZ:0.0 it is possible to use another user's display to make your tasks appear there - simply by using their IP address. This could be useful - but it can also be annoying when some abuse it. How can it be prevented? TIA -- Alan Davies Head of Computing Birkenhead School
Again, without specifics I can't help too much, but look at 'xhost' and 'xauth' to see how you can handle X authentication. I can't offer much more help, because I don't use it much here. On Monday 26 March 2001 2:19 pm, Alan Davies wrote:
If you are running an Xserver with
export DISPLAY=WWW.XXX.YYY.ZZZ:0.0
it is possible to use another user's display to make your tasks appear there - simply by using their IP address.
This could be useful - but it can also be annoying when some abuse it.
How can it be prevented?
TIA
-- Gary Stainburn This email does not contain private or confidential material as it may be snooped on by interested government parties for unknown and undisclosed purposes - Regulation of Investigatory Powers Act, 2000
If you are running an Xserver with
export DISPLAY=WWW.XXX.YYY.ZZZ:0.0
it is possible to use another user's display to make your tasks appear there - simply by using their IP address.
This could be useful - but it can also be annoying when some abuse it.
An X server can use various methods to restrict clients. The simplist is xhost, which allows restriction by IP address. There is also what is called the MIT cookie mechanism, usually employed on workstations using XDM. Tell us a bit more about how your system is configured. -- Mark Evans St. Peter's CofE High School Phone: +44 1392 204764 X109 Fax: +44 1392 204763
Configured?...... It just works like this. You imply some degree of 'control' and knowledge which I don't possess! Client is usually a PC from which the user makes a telnet sesssion to the LINUX box to start a task - and also runs an Xserver (the free MIX one) locally. We also use Acorn clients which connect via xdm. But anyone can seemingly 'send' tasks to the screen. On Mon 26 Mar, Mark Evans wrote:
If you are running an Xserver with
export DISPLAY=WWW.XXX.YYY.ZZZ:0.0
it is possible to use another user's display to make your tasks appear there - simply by using their IP address.
This could be useful - but it can also be annoying when some abuse it.
An X server can use various methods to restrict clients.
The simplist is xhost, which allows restriction by IP address. There is also what is called the MIT cookie mechanism, usually employed on workstations using XDM.
Tell us a bit more about how your system is configured.
-- Alan Davies Head of Computing Birkenhead School
Configured?...... It just works like this. You imply some degree of 'control' and knowledge which I don't possess!
Client is usually a PC from which the user makes a telnet sesssion to the LINUX box to start a task - and also runs an Xserver (the free MIX one) locally.
These kind of X servers tend to default to allowing connections from anywhere. (Which is a rather different situation from the default on a unix type system.)
We also use Acorn clients which connect via xdm. But anyone can seemingly 'send' tasks to the screen.
You'll need to check the documentation for the specific servers you are using. It should certainly be possible to use either xhost or xauth with them, but the exact details of how you do it are implimentation specific. -- Mark Evans St. Peter's CofE High School Phone: +44 1392 204764 X109 Fax: +44 1392 204763
participants (3)
-
Alan Davies
-
Gary Stainburn
-
Mark Evans