On Wed, Jun 30, 2021 at 09:33:37AM -0400, Polyna-Maude Racicot-Summerside wrote:
> Hi,

[...]

> I was the stupid and dumb person who started talking about "the classic
> way" of authentication using X11.

Uh, whatever. I don't think you're stupid. I don't think *you* think
you're stupid. So I'm ignoring that :)

> I am so sorry to have had the wrong idea of telling someone that
> learning the "classic way" of authentication with X11

[...]

> Another user added that "xhost +x" can be used if there's an
> authentication problem. As one of the "things to try".

FWIW, I don't think it's "wrong". But if people use it, they should
understand the implications. The X protocol isn't the most secure
out there.

BTW: the problematic thing is called "xhost +", not "xhost +x", which
won't work...

  tomas@trotzki:~$ xhost + x
  xhost: bad hostname "x"

...unless there's a host in your network named "x" :-)

Further, I don't think things are as bleak as Greg put them, since
by default, X doesn't listen on the network these days, but only on
a local Unix socket anyway. The attacker would have to have access
to the local machine. Security-wise there's bigger fish to fry out
there (automount, anyone?).

So I don't agree 100% with Greg, and I agree even less with the way
he put it (pointing out the issues might be more productive than
shouting), but he /has/ a point.

Cheers
- t
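
The two conditions discussed in the message above (access control switched off with "xhost +", and whether the X server listens on TCP or only on its local Unix socket) can be checked together. The script below is an added example, not part of the original message; the function names, the sample inputs and the 6000-6063 port range are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify X server exposure from `xhost` and `ss -ltn` output.

# Map the first line xhost prints to a state.
xhost_state() {
    case "$1" in
        "access control disabled"*) echo open ;;
        "access control enabled"*)  echo restricted ;;
        *)                          echo unknown ;;
    esac
}

# stdin: `ss -ltn` lines. Prints listening TCP ports in 6000-6063
# (display :N uses TCP port 6000+N; the upper bound is an assumption).
x_tcp_listeners() {
    awk '$1 == "LISTEN" {
        n = split($4, a, ":"); p = a[n] + 0
        if (p >= 6000 && p <= 6063) print p
    }'
}

# $1: xhost output; stdin: ss -ltn output. Prints one verdict line.
audit_x() {
    state=$(xhost_state "$1")
    ports=$(x_tcp_listeners | tr '\n' ' ')
    case "$state" in
        open)
            if [ -n "$ports" ]; then
                echo "network: access control off and TCP listener on ${ports% }"
            else
                echo "local: access control off, Unix socket only"
            fi ;;
        restricted) echo "ok: access control on" ;;
        *)          echo "unknown: could not parse xhost output" ;;
    esac
}

# Constructed sample inputs (not captured from a real host).
XHOST_OPEN='access control disabled, clients can connect from any host'
XHOST_ON='access control enabled, only authorized clients can connect
SI:localuser:tomas'
SS_LOCAL='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*'
SS_TCP="$SS_LOCAL
LISTEN 0      4096            [::]:6000         [::]:*"

printf '%s\n' "$SS_LOCAL" | audit_x "$XHOST_OPEN"   # local-only exposure
printf '%s\n' "$SS_TCP"   | audit_x "$XHOST_OPEN"   # network exposure
printf '%s\n' "$SS_LOCAL" | audit_x "$XHOST_ON"     # access control on
```

On a live session the same check is `ss -ltn | audit_x "$(xhost)"`.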