Hi Alan,

Thanks for the reply.  I'm sorry, but I don't really understand X
Windows security or the lack thereof, so I'll have to spend some time
grokking this xhost business.  :)  In any event, it sounds like what
you're saying is that this error is not a problem with Tcl, Tk, or
PLplot, but rather a legitimate security hole that is either uncommon or
doesn't exist at all on other Linux distros, but evidently does exist in
Ubuntu Karmic Koala (at least, it does on my machine...I wonder what
would happen if I'd done a clean install instead of an upgrade from
Jaunty Jaguar).  Is that correct?  In that case, I suppose my queries
should be redirected at the Ubuntu maintainers.  :)

All the best,
David  

On Mon, 2009-11-16 at 17:16 -0800, Alan W. Irwin wrote:
> On 2009-11-16 18:04-0500 David A. Ventimiglia wrote:
> 
> > Hello,
> >
> > When I try to use the Tk driver, I get the error "X server insecure",
> > which is pasted into the email below.  How do I get around this?  This
> > is on Ubuntu Linux 9.10 "Karmic Koala", a Debian-package managed system.
> > When I search for this error in Google, I find this wiki.tcl.tk page
> > that was last updated in 2003:
> >
> > http://wiki.tcl.tk/1829
> >
> > There's some finger-wagging about insecure systems, and then it seems to
> > recommend doing some minor surgery, removing hosts using this script:
> >
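> > #!/bin/sh
> > # Drop every entry xhost lists (sed 1d skips the status line)
> > for host in $(xhost | sed 1d) ; do
> >    echo removing $host from access control list
> >    xhost "-$host"
> > done
> > # Then turn access control back on
> > echo removing general access from access control list
> > xhost -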
> >
> >
> > While that works, it seems a little strange that I have to do this just
> > to run a Tcl/Tk application, and it gives me pause if I consider
> > building an "Extended WISH" that uses Tk, as described in the PLplot
> > documentation.
> >
> > What does the PLplot community recommend in this situation?
> 
> Hi David:
> 
> Good question.
> 
> "man xhost" says it implements rudimentary X security.  Of course, that is
> only the case if you use xhost to turn off all access (other than your own)
> which the above script appears to do.  Because running the above script on
> Ubuntu karmic apparently makes a difference, that means karmic has
> configured xhost by default in a way that is blatantly insecure (at least if
> there is any network access to your system).
> 
> The above script makes no difference on my own Debian stable system, i.e.,
> access control is turned on.  I don't recall fiddling with xhost (before
> today) so I think this actually happened during Debian stable installation,
> and I am surprised that apparently is not the case for Ubuntu karmic.
> 
> Anyhow, I am glad for your sake that you discovered the Ubuntu karmic xhost
> security hole via your use of the PLplot Tk driver.  At least now you have
> some rudimentary X security via the above script.
> 
> Alan
> __________________________
> Alan W. Irwin
> 
> Astronomical research affiliation with Department of Physics and Astronomy,
> University of Victoria (astrowww.phys.uvic.ca).
> 
> Programming affiliations with the FreeEOS equation-of-state implementation
> for stellar interiors (freeeos.sf.net); PLplot scientific plotting software
> package (plplot.org); the libLASi project (unifont.org/lasi); the Loads of
> Linux Links project (loll.sf.net); and the Linux Brochure Project
> (lbproject.sf.net).
> __________________________
> 
> Linux-powered Science
> __________________________
> 


-- 
David A. Ventimiglia <venti...@msu.edu>
Michigan State University


_______________________________________________
Plplot-general mailing list
Plplot-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/plplot-general
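
An added example, not part of the original messages: a read-only check that classifies `xhost` output into the cases the thread discusses (access control disabled, or enabled with entries still listed) before anything is removed. The function name `audit_xhost` and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Read-only audit of `xhost` output (added example; it changes nothing on the server).
# Usage on a live session:  xhost | audit_xhost
# Prints one line and sets the exit status:
#   OK                 access control enabled, no entries listed   (status 0)
#   LISTED <entries>   access control enabled, entries present     (status 1)
#   OPEN [<entries>]   access control disabled, any host may connect (status 1)
#   UNKNOWN            no output at all, e.g. xhost could not run   (status 2)
audit_xhost() {
    awk '
        # Line 1 is the status banner printed by xhost.
        NR == 1 { disabled = ($0 ~ /access control disabled/); next }
        # Every later non-empty line is one access-list entry.
        NF      { entries = entries " " $1 }
        END {
            if (NR == 0)       { print "UNKNOWN"; exit 2 }
            if (disabled)      { print "OPEN" entries; exit 1 }
            if (entries != "") { print "LISTED" entries; exit 1 }
            print "OK"
        }'
}

# Constructed sample outputs (not captured from the systems in this thread).
SAMPLE_OPEN='access control disabled, clients can connect from any host'
SAMPLE_LISTED='access control enabled, only authorized clients can connect
SI:localuser:david
INET:build-host.example'
SAMPLE_OK='access control enabled, only authorized clients can connect'

# Demonstration over the samples; "|| true" keeps the loop going on non-OK results.
for sample in "$SAMPLE_OPEN" "$SAMPLE_LISTED" "$SAMPLE_OK"; do
    printf '%s\n' "$sample" | audit_xhost || true
done
```

Running the audit before and after the cleanup script quoted above shows exactly which entries it removed.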