19 Feb
2004
19 Feb
'04
22:50
Örn Hansen
torsdag 19 februari 2004 21:44 skrev Alexandr Malusek:
Never use xhost, copy the cookie :-)
From "man xauth":
xauth extract - $DISPLAY | rsh otherhost xauth merge -
And with that, every script kiddie who knows how to use a sniffer has direct access to your X terminal.
Note that if he uses the XDMCP protocol then his username and password travel from hostA to hostB un-encrypted. A discussion about the security of the command above is therefore irrelevant - the network must be trusted anyway. -- A.M.