Will Lowe wrote:
> On Tue, 7 Jul 1998 [EMAIL PROTECTED] wrote:
>
> > Unless explicitly told to do so using xhost, X does not allow anybody
> > other than the person who started it to open windows on its desktop,
> > not even root. I could never figure out the proper syntax for xhost,
> > however, so I usually end up just using 'xhost +' which disables all
> > access control and then 'xhost -' when I'm done.
>
> That's pretty insecure. I've seen instances where people on our campus
> (admittedly, a large one with relatively insecure systems anyway) have
> had other people connect to their X displays because they'd done the
> "xhost +" bit. Generally more a nuisance than a real security concern,
> but still... "xhost + localhost" is only marginally more secure ... with
> that one, just anyone on the x machine can connect ... so on a system
> which distributes campus email, that's a few thousand people here...
>
> Go for "sudo".

Actually, it's potentially much more than a nuisance. An X client can
capture all your keystrokes. You do the math. To just allow root to run an
X app when you're logged in as someone other than root, do:

    chilin$ su
    Password:
    chilin# export XAUTHORITY=$(echo /var/lib/xdm/authdir/authfiles/*)

This way you can access the server using the xauth data which only you
and root have access to. Neato. Try it!

--
Jens B. Jorgensen
[EMAIL PROTECTED]
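
An added example, not part of the original messages: a shell function that classifies the output of `xhost` (run with no arguments) so a display left in the "xhost +" or host-wide state discussed in this thread can be spotted. The function name `audit_xhost` is hypothetical and the sample output lines are constructed.

```shell
#!/bin/sh
# Added example: classify X server access-control state from `xhost` output.
# Reads the text printed by `xhost` (no arguments) on stdin and prints one
# finding per relevant line. Live use: xhost | audit_xhost

audit_xhost() {
    while IFS= read -r line; do
        case "$line" in
            "access control disabled"*)
                # State after 'xhost +': the host list is ignored entirely.
                echo "CRITICAL: access control disabled (xhost +), any host may connect" ;;
            "access control enabled"*|"")
                ;;  # header line for the safe state, or blank line
            SI:localuser:*)
                # Server-interpreted entry naming exactly one local account.
                echo "INFO: single local user allowed: ${line#SI:localuser:}" ;;
            LOCAL:*)
                echo "WARN: every local user may connect: $line" ;;
            *)
                # Host-based entry: grants access to all users on that host.
                echo "WARN: host-wide entry, every user on that host may connect: $line" ;;
        esac
    done
}

# Constructed sample: display left open with 'xhost +'.
SAMPLE_OPEN='access control disabled, clients can connect from any host'

# Constructed sample: access control on, but localhost allowed host-wide.
SAMPLE_HOSTWIDE='access control enabled, only authorized clients can connect
INET:localhost
SI:localuser:root'

printf '%s\n' "$SAMPLE_OPEN" | audit_xhost
printf '%s\n' "$SAMPLE_HOSTWIDE" | audit_xhost
```

A display that relies only on the xauth cookie, as in the XAUTHORITY approach above, produces no WARN or CRITICAL lines.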