Xlib error
Robert Brockway
rbrockway-wgAaPJgzrDxH4x6Dk/4f9A at public.gmane.org
Thu Jan 27 15:35:50 UTC 2005
On Wed, 26 Jan 2005, John Vetterli wrote:

> Well, disabling access control with "xhost +" is considered to be
> insecure, since then anybody who can access your machine's port 6000 (or

Yes, xhost + is a bad idea.

> 6001, or 6002, etc. depending on how many X servers you have running)
> could then put their windows on your display, destroy windows that your
> applications are using, take snapshots of your desktop (maybe), or

Definitely - xwd can be used to do this. Stealing keystrokes is another
possibility. I used to have a piece of reference code that would steal
keystrokes from an insecure X desktop. I seem to have misplaced it.

> change your wallpaper to pictures of Michael Jackson. So "xhost -" is
> the default.

These days X11 forwarding over ssh can be used to allow secure remote
access anyway. Only do this if you trust the admins on the remote box
though. The rule of only using a box if you trust the admins should hold
anyway.

Rob
--
Robert Brockway B.Sc.
Senior Technical Consultant, OpenTrend Solutions Ltd.
Phone: 416-669-3073 Email: rbrockway-wgAaPJgzrDxH4x6Dk/4f9A at public.gmane.org http://www.opentrend.net
OpenTrend Solutions: Reliable, secure solutions to real world problems.
Contributing Member of Software in the Public Interest (http://www.spi-inc.org)
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
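
Added example (not part of the original message): a small audit of the two conditions discussed in this thread, namely whether "xhost +" has switched access control off and whether an X server is listening on TCP port 6000+N beyond loopback. The function names, the sample data and the 6000-6063 port range are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit X11 exposure from `xhost` and `ss -ltn` output.
# Live use:  xhost | xhost_status ;  ss -ltn | x11_exposed_listeners

# Print "open" if xhost reports access control disabled (the "xhost +"
# state), otherwise "restricted".
xhost_status() {
    if grep -qi '^access control disabled'; then
        echo open
    else
        echo restricted
    fi
}

# From `ss -ltn` output on stdin, print "display N ADDR" for every X11 TCP
# listener not bound to loopback. Port 6000+N serves display :N; the upper
# bound 6063 is an assumption of this example. Loopback listeners (such as
# the ones sshd opens for X11 forwarding) are skipped.
x11_exposed_listeners() {
    awk '$1 == "LISTEN" {
        port = $4; sub(/.*:/, "", port)       # text after the last colon
        host = $4; sub(/:[^:]*$/, "", host)   # text before the last colon
        if (port !~ /^[0-9]+$/) next
        p = port + 0                          # force numeric comparison
        if (p < 6000 || p > 6063) next
        if (host ~ /^127\./ || host == "[::1]") next
        print "display", p - 6000, host
    }'
}

# Constructed sample input (not captured from a real host).
SAMPLE_XHOST='access control disabled, clients can connect from any host
SI:localuser:alice'
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22     0.0.0.0:*
LISTEN 0      128    0.0.0.0:6000   0.0.0.0:*
LISTEN 0      128    127.0.0.1:6010 0.0.0.0:*
LISTEN 0      128    [::]:6001      [::]:*'

printf '%s\n' "$SAMPLE_XHOST" | xhost_status
printf '%s\n' "$SAMPLE_SS" | x11_exposed_listeners
```

A host that reports "open" together with any exposed display is in the state the thread warns about; "xhost -" restores access control.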