Lists

Terms and Conditions
Lists hosted on this site
Email the Postmaster
Tips for posting to public mailing lists

Re: Remote X

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Remote X

Subject: Re: Remote X
From: Sean Ahern <email@hidden>
Date: Tue, 19 Oct 2004 14:31:20 -0700
Mail-followup-to: Rich Cook <email@hidden>, Anne Briais <email@hidden>, email@hidden

Rich Cook wrote:
> "Let anybody connect to my X server and do anything they want, from any
> machine."

Just to be clear - this includes capturing all keystrokes and mouse
movements, even if you have "secured" or "grabbed" your keyboard to
prevent snooping.  There are utilities out there that will easily grab
your passwords and such as you type them into X11 sessions.

> This is VERY VERY VERY VERY BAD!
> At LEAST change it to
> xhost machinename
> so you aren't allowing anyone on any machine.  This allows anyone on
> machinename to do anything they want to you.  :-)  Slightly better.
> Best is to use ssh tunneling, or at least xauth.

One way to think of this is to never use the '+' character with the
xhost.  You never need to us it, since "xhost machine" does the same
thing as "xhost +machine".

And only use "xhost" to test a security issue, never to assure access on
a day-to-day basis.

(Sometimes I wonder if Apple should hide the "xhost" binary in a hard to
find place that's not in a user's PATH.)

-Sean

__
email@hidden
925-422-1648
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
X11-users mailing list      (email@hidden)

This email sent to email@hidden

References:
	>Re: Remote X (From: Anne Briais <email@hidden>)
	>Re: Remote X (From: Rich Cook <email@hidden>)

Prev by Date: Re: Remote X
Next by Date: Re: Remote X
Previous by thread: Re: Remote X
Next by thread: Re: Remote X
Index(es):
- Date
- Thread