On Thursday 22 May 2003 00.14, Ken Schneider wrote:
It would only be dangerous if he used xhost + and I'm convinced of that either. It does NOT allow remote programs to run the machine only be displayed there.
xhost +localhost only allows "X" applications to display on the -local- display from the -localhost- ,the machine itself.
It also allows programs to read from the X server, which as Chris pointed out can let a program sniff your keyboard. If you turn off X authentication even only from localhost, if someone should break into your machine through a service running as a "non-priviledged" user like "nobody", they might be able to sniff your X session, and get important data, and perhaps even your root password. It is a security problem, and since there are tools so you don't have to use it, there really is no reason for it.