Often, I find I must enter xhost +local host in my user's terminal. Is
there any way I can automatically add local host to access control list
so that I don't get an error message every time I install software I've
downloaded with YAST or every time I call up red carpet?
Thanks
--
Dennis Tuchler
I am not sure if this is the best way, but I added a line xhost +localhost to the .xinitrc file of my normal user. Dennis Tuchler wrote:
Often, I find I must enter xhost +local host in my user's terminal. Is there any way I can automatically add local host to access control list so that I don't get an error message every time I install software I've downloaded with YAST or every time I call up red carpet?
Thanks
On Wed, 2003-05-21 at 17:54, Mike Rothon wrote:
I am not sure if this is the best way, but I added a line
xhost +localhost
to the .xinitrc file of my normal user.
Dennis Tuchler wrote:
Often, I find I must enter xhost +local host in my user's terminal. Is there any way I can automatically add local host to access control list so that I don't get an error message every time I install software I've downloaded with YAST or every time I call up red carpet?
Thanks
if you are on a network that could be dangerous
I am not sure if this is the best way, but I added a line
xhost +localhost
to the .xinitrc file of my normal user.
Dennis Tuchler wrote:
Often, I find I must enter xhost +local host in my user's terminal. Is there any way I can automatically add local host to access control
On Wed, 2003-05-21 at 17:54, Mike Rothon wrote: list
so that I don't get an error message every time I install software I've downloaded with YAST or every time I call up red carpet?
Thanks
if you are on a network that could be dangerous
It would only be dangerous if he used xhost + and I'm convinced of that either. It does NOT allow remote programs to run the machine only be displayed there. xhost +localhost only allows "X" applications to display on the -local- display from the -localhost- ,the machine itself. Ken
* Ken Schneider (kschneider@rtsx.com) [030521 15:10]:
if you are on a network that could be dangerous
It would only be dangerous if he used xhost + and I'm convinced of that either. It does NOT allow remote programs to run the machine only be displayed there.
Right, like the X client that puts a 1 pixel dot on your screen and records your key strokes. It's a bad idea, especially when there are tools like /usr/X11R6/bin/sux that make it completely unecessary. -- -ckm
Christopher Mahmood wrote:
It's a bad idea, especially when there are tools like /usr/X11R6/bin/sux that make it completely unecessary.
Could you please give more detail about this because there is no man entry and the --help is a bit short on this? Thank you in advance! Patrick
* Patriiiiiiiiiick (pat.suse@advalvas.be) [030521 16:37]:
Christopher Mahmood wrote:
It's a bad idea, especially when there are tools like /usr/X11R6/bin/sux that make it completely unecessary.
Could you please give more detail about this because there is no man entry and the --help is a bit short on this?
sux behaves pretty much just like su but uses xauth to set the cookie in the .Xauthority file. E.g., ckm@hades:~ 12> sux -c xterm Password: starts an xterm as root. ckm@hades:~ 12> sux - Password: hades:~ # whoami root starts a login shell, etc. xauth has it's own problems although it's vastly better than xhost. E.g. the cookie isn't encrypted so, in theory, anyone who can read your .Xauthority file could retreive it. All of the XOpenDisplay problems that exist with xhost (reading keystrokes and window contents, creating windows, etc.) still exist if that happens. -- -ckm
On Thursday 22 May 2003 00.14, Ken Schneider wrote:
It would only be dangerous if he used xhost + and I'm convinced of that either. It does NOT allow remote programs to run the machine only be displayed there.
xhost +localhost only allows "X" applications to display on the -local- display from the -localhost- ,the machine itself.
It also allows programs to read from the X server, which as Chris pointed out can let a program sniff your keyboard. If you turn off X authentication even only from localhost, if someone should break into your machine through a service running as a "non-priviledged" user like "nobody", they might be able to sniff your X session, and get important data, and perhaps even your root password. It is a security problem, and since there are tools so you don't have to use it, there really is no reason for it.
Ok, so if xkibitz is being used to share console with
me, I have to allow other host with xhost +. Is there
any better/more_secure way to do so? Moreover does
xhost + get reset (meaning xhost -) after say
suspend/wake_up?
Thx, Martin
--- Anders Johansson
It would only be dangerous if he used xhost + and I'm convinced of that either. It does NOT allow remote programs to run
On Thursday 22 May 2003 00.14, Ken Schneider wrote: the machine only be
displayed there.
xhost +localhost only allows "X" applications to display on the -local- display from the -localhost- ,the machine itself.
It also allows programs to read from the X server, which as Chris pointed out can let a program sniff your keyboard.
If you turn off X authentication even only from localhost, if someone should break into your machine through a service running as a "non-priviledged" user like "nobody", they might be able to sniff your X session, and get important data, and perhaps even your root password.
It is a security problem, and since there are tools so you don't have to use it, there really is no reason for it.
-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
__________________________________ Do you Yahoo!? The New Yahoo! Search - Faster. Easier. Bingo. http://search.yahoo.com
On Wed, 2003-05-21 at 20:31, Anders Johansson wrote:
On Thursday 22 May 2003 00.14, Ken Schneider wrote:
It would only be dangerous if he used xhost + and I'm convinced of that either. It does NOT allow remote programs to run the machine only be displayed there.
xhost +localhost only allows "X" applications to display on the -local- display from the -localhost- ,the machine itself.
It also allows programs to read from the X server, which as Chris pointed out can let a program sniff your keyboard.
If you turn off X authentication even only from localhost, if someone should break into your machine through a service running as a "non-priviledged" user like "nobody", they might be able to sniff your X session, and get important data, and perhaps even your root password.
It is a security problem, and since there are tools so you don't have to use it, there really is no reason for it.
Except for running "X" programs from a server that is in another city/town or another state, "remote administration". Thats why you DO NOT use it through the internet and ONLY on local lans. Ken
Thanks for the insight, and sorry to have misled that poor user. I did have another thought that might be more secure and based on how I do remote administration on my home network.... Could you use something like: ssh -X root@localhost to get a root login with X privileges? Mike. Ken Schneider wrote:
On Wed, 2003-05-21 at 20:31, Anders Johansson wrote:
On Thursday 22 May 2003 00.14, Ken Schneider wrote:
It would only be dangerous if he used xhost + and I'm convinced of that either. It does NOT allow remote programs to run the machine only be displayed there.
xhost +localhost only allows "X" applications to display on the -local- display from the -localhost- ,the machine itself.
It also allows programs to read from the X server, which as Chris pointed out can let a program sniff your keyboard.
If you turn off X authentication even only from localhost, if someone should break into your machine through a service running as a "non-priviledged" user like "nobody", they might be able to sniff your X session, and get important data, and perhaps even your root password.
It is a security problem, and since there are tools so you don't have to use it, there really is no reason for it.
Except for running "X" programs from a server that is in another city/town or another state, "remote administration".
Thats why you DO NOT use it through the internet and ONLY on local lans.
Ken
participants (9)
-
Anders Johansson
-
Christopher Mahmood
-
Dennis Tuchler
-
Hartmut Meyer
-
Illustre Orman
-
Ken Schneider
-
Martin
-
Mike Rothon
-
Patriiiiiiiiiick