Re: Remote X
Re: Remote X
- Subject: Re: Remote X
- From: Anne Briais <email@hidden>
- Date: Tue, 19 Oct 2004 23:45:38 +0200
Scary!
I'm used to work behind reliable (I hope) firewalls so I thought the
number of machines was limited to my local networks (including Solaris
machines).
But if I don't use xhost I can't open any window!
Anyway, sorry for the poor recommendation.
Thanks to both.
Anne
Le 19 oct. 04, à 23:31, Sean Ahern a écrit :
Rich Cook wrote:
"Let anybody connect to my X server and do anything they want, from
any
machine."
Just to be clear - this includes capturing all keystrokes and mouse
movements, even if you have "secured" or "grabbed" your keyboard to
prevent snooping. There are utilities out there that will easily grab
your passwords and such as you type them into X11 sessions.
This is VERY VERY VERY VERY BAD!
At LEAST change it to
xhost machinename
so you aren't allowing anyone on any machine. This allows anyone on
machinename to do anything they want to you. :-) Slightly better.
Best is to use ssh tunneling, or at least xauth.
One way to think of this is to never use the '+' character with the
xhost. You never need to us it, since "xhost machine" does the same
thing as "xhost +machine".
And only use "xhost" to test a security issue, never to assure access
on
a day-to-day basis.
(Sometimes I wonder if Apple should hide the "xhost" binary in a hard
to
find place that's not in a user's PATH.)
-Sean
__
email@hidden
925-422-1648
_______________________________________________
Do not post admin requests to the list. They will be ignored.
X11-users mailing list (email@hidden)
This email sent to email@hidden