Mailinglist Archive: opensuse (4749 mails)

Re: [SLE] xhost
  • From: Anders Johansson <andjoh@xxxxxxxxxx>
  • Date: Thu, 22 May 2003 02:31:11 +0200
  • Message-id: <200305220231.11426.andjoh@xxxxxxxxxx>
On Thursday 22 May 2003 00.14, Ken Schneider wrote:
> It would only be dangerous if he used xhost + and I'm convinced of that
> either. It does NOT allow remote programs to run the machine only be
> displayed there.
>
> xhost +localhost only allows "X" applications to display on the -local-
> display from the -localhost-, the machine itself.

It also allows programs to read from the X server, which as Chris pointed out
can let a program sniff your keyboard.

If you turn off X authentication even only from localhost, if someone should
break into your machine through a service running as a "non-privileged" user
like "nobody", they might be able to sniff your X session, and get important
data, and perhaps even your root password.

It is a security problem, and since there are tools so you don't have to use
it, there really is no reason for it.
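
The check below is an added example, not part of the original post: it reads the list that `xhost` prints when run with no arguments and flags entries that let clients connect without an X authentication cookie, which is the condition discussed above. The function name `audit_xhost` and the sample output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed sample: what `xhost` prints after someone ran `xhost +localhost`.
SAMPLE_XHOST_OUTPUT='access control enabled, only authorized clients can connect
INET:localhost
SI:localuser:alice'

# Reads `xhost` output on stdin and prints one finding per entry.
# Returns 0 when no entry bypasses cookie authentication, 1 otherwise.
audit_xhost() {
    local line
    local status=0
    while IFS= read -r line; do
        case "$line" in
            "access control disabled"*)
                # Result of a bare `xhost +`
                echo "CRITICAL: access control disabled, any host can connect"
                status=1 ;;
            "access control enabled"*|"")
                ;;  # normal header line, or a blank line
            SI:localuser:*)
                # Limited to one named local account
                echo "INFO: single local user allowed: ${line#SI:localuser:}" ;;
            LOCAL:*)
                echo "HIGH: every local user can connect without a cookie ($line)"
                status=1 ;;
            INET:*|INET6:*)
                echo "HIGH: host-based entry, no cookie needed from that host ($line)"
                status=1 ;;
            *)
                # Older xhost versions print bare host names; treat as host-based
                echo "HIGH: host-based or unrecognised entry ($line)"
                status=1 ;;
        esac
    done
    return $status
}

# Demonstration on the constructed sample; on a real session use: xhost | audit_xhost
printf '%s\n' "$SAMPLE_XHOST_OUTPUT" | audit_xhost || true
```

Host-based entries flagged this way can be dropped with `xhost -localhost` (or `xhost -` after a bare `xhost +`), leaving cookie authentication in force.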

