Rich Cook wrote:
> "Let anybody connect to my X server and do anything they want, from any
> machine."
Just to be clear - this includes capturing all keystrokes and mouse
movements, even if you have "secured" or "grabbed" your keyboard to
prevent snooping. There are utilities out there that will easily grab
your passwords and such as you type them into X11 sessions.
> This is VERY VERY VERY VERY BAD!
> At LEAST change it to
> xhost machinename
> so you aren't allowing anyone on any machine. This allows anyone on
> machinename to do anything they want to you. :-) Slightly better.
> Best is to use ssh tunneling, or at least xauth.
One way to think of this is to never use the '+' character with the
xhost. You never need to us it, since "xhost machine" does the same
thing as "xhost +machine".
And only use "xhost" to test a security issue, never to assure access on
a day-to-day basis.
(Sometimes I wonder if Apple should hide the "xhost" binary in a hard to
find place that's not in a user's PATH.)
-Sean
__
email@hidden
925-422-1648
_______________________________________________
Do not post admin requests to the list. They will be ignored.
X11-users mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/x11-users/email@hidden
This email sent to email@hidden
