Ok, so if xkibitz is being used to share console with
me, I have to allow other host with xhost +. Is there
any better/more_secure way to do so? Moreover does
xhost + get reset (meaning xhost -) after say
suspend/wake_up?
Thx, Martin
--- Anders Johansson
It would only be dangerous if he used xhost + and I'm convinced of that either. It does NOT allow remote programs to run
On Thursday 22 May 2003 00.14, Ken Schneider wrote: the machine only be
displayed there.
xhost +localhost only allows "X" applications to display on the -local- display from the -localhost- ,the machine itself.
It also allows programs to read from the X server, which as Chris pointed out can let a program sniff your keyboard.
If you turn off X authentication even only from localhost, if someone should break into your machine through a service running as a "non-priviledged" user like "nobody", they might be able to sniff your X session, and get important data, and perhaps even your root password.
It is a security problem, and since there are tools so you don't have to use it, there really is no reason for it.
-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
__________________________________ Do you Yahoo!? The New Yahoo! Search - Faster. Easier. Bingo. http://search.yahoo.com