On Tue, Sep 18, 2007 at 08:01:43AM -0400, Damon Register wrote:
If your local host is accepting this you have security holes you can I forgot that in my case all of this was between local computers inside
Rasmus Plewe wrote: the company network
The security concept of "I got a firewall, so I can open any hole I want to on my computer" is, admittedly, often exercised, but nevertheless not the recommended standard. ;-)
drive a truck through. But please, tell me the IP of your local machine, Now you have got me curious. I am often interested in learning. Can you please explain why?
In order for something like "DISPLAY=host:0.0" to work, you need to grant remote, unauthenticated access to your X server (through something like "xhost +"). That is something the X server was not designed to handle securely. Think "keystroke logging" e.g..
so that I can send you embarrassing pictures on your screen when your boss is standing behind you... ;-) Wait, let me go get my boss :-)
Then I would need the contact information of a coworker of yours inside your firewall who might like to participate. Seriously: lowering security for no good reason is never a good idea. Even if it does not hurt immediately, it at least erodes people's awareness of the importance of security[0]. You can get around your problem by using ssh's X forwarding capabilities (-X or -Y), so there is no need to open up your display. In this case, the secure solution is also the more convenient one, something that is rather rare. You should take advantage of it! :-) Regards, Rasmus [0] Security risk #1: Administrator Security risk #2: User Security risk #3: OS You may swap #1 and #2. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org