On Tuesday, May 27, 2003 3:49 am, Jarmo Paavilainen wrote:
> On Tue, 2003-05-27 at 08:55, Zippo wrote:
> > I am running Xfree-4.3.0 on LFS. Everything works fine other than when I
> > start the X server as a user, then try to run a program as root through
> > the terminal; it won't load, I get the error message:
> >
> > whateverprogram: cannot connect to X server
>
> xhost +
>
> before you "su" to root in the terminal window. Do not "su -" as then
> you will lose some used environment variables.

Beware.  "xhost +" is quite dangerous: it completely disables authentication, 
so now anybody in the world who cares to can connect to your X server and 
start screwing with your display.

As an example of why this isn't desirable, if you have a Tk window up, someone 
can convince it to pass arbitrary Tcl code up to the interpreter to be 
executed as you.  I think that's right... I mean, I've done similar with my 
own programs in the past, and Tk relies entirely on the X server to do 
authentication (which it normally can be trusted to do).  But even if I'm 
dead wrong about Tcl/Tk, it's at the very least possible to do keystroke 
monitoring, which can very easily lead to captured passwords and the same 
exploit.

If you're the only person capable of logging in as root, everybody capable of 
logging into X trusts you (well, they don't have a choice, hehehe), and you 
never log into xdm as root (or run startx as root), I think you can make 
~root/.Xauthority a symlink to ~/.Xauthority, where ~root is root's home and 
~ is user's home.  I do this. :^)  If it's a bad idea, would someone please 
enlighten the both of us?  I'm sure there are better ways, ways much more 
"proper", but I don't know even half the ins and outs of X authentication.

Also, "xhost + localhost" isn't good either, because it makes the assumption 
that there's exactly one user per computer.  At my school, we have some X 
servers, and whenever you sit down at one and telnet (ick, why not ssh?) to a 
UNIX server to run some real programs, that server is granted host access, so 
all nine hundred billion users get access to you.  Personally, I like to turn 
my neighbors' mouse pointers into Gumby or the USS Enterprise, when I'm not 
running "while [ 1 ]; do xsetroot -solid black; xsetroot -solid white; done".

-- 
Andy Goth  |  [EMAIL PROTECTED]  |  http://ioioio.net/
End communication.

_______________________________________________
XFree86 mailing list
[EMAIL PROTECTED]
http://XFree86.Org/mailman/listinfo/xfree86
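Added example, not part of the thread above: the cookie-based alternative to
"xhost +" that the reply is groping for is ~/.Xauthority, a list of
(family, address, display number, auth name, cookie) records. The "proper"
fix for the root-in-a-terminal problem is to copy only the entry for the
current display into root's file (this is what "xauth extract" and
"xauth merge" do) rather than symlinking the whole file, and that is what
the Python below does. It is written here for illustration; the on-disk
layout (16-bit big-endian family, then four 16-bit-length-prefixed fields)
is the Xau library format, while the hostname "lfsbox", the display numbers
and the cookie bytes are constructed sample data. The matcher's treatment of
":N" displays (accepting any FamilyLocal entry for that number) is a
simplification of what Xlib does.

```python
import struct

# Address families from <X11/Xauth.h>.
FAMILY_INTERNET = 0      # address is a 4-byte IPv4 address
FAMILY_LOCAL = 256       # address is the hostname; what "host/unix:0" entries use
FAMILY_WILD = 65535      # matches any address


def _read_counted(buf, pos):
    """Read one 16-bit big-endian length-prefixed field starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated .Xauthority: no length at offset %d" % pos)
    (n,) = struct.unpack_from(">H", buf, pos)
    pos += 2
    if pos + n > len(buf):
        raise ValueError("truncated .Xauthority: field runs past end at offset %d" % pos)
    return buf[pos:pos + n], pos + n


def parse_xauthority(data):
    """Parse the bytes of an .Xauthority file into a list of entry dicts."""
    entries = []
    pos = 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated .Xauthority: no family at offset %d" % pos)
        (family,) = struct.unpack_from(">H", data, pos)
        pos += 2
        address, pos = _read_counted(data, pos)
        number, pos = _read_counted(data, pos)   # display number, as text ("0")
        name, pos = _read_counted(data, pos)     # e.g. "MIT-MAGIC-COOKIE-1"
        cookie, pos = _read_counted(data, pos)   # the secret itself
        entries.append({"family": family, "address": address,
                        "number": number.decode(), "name": name.decode(),
                        "data": cookie})
    return entries


def _counted(b):
    return struct.pack(">H", len(b)) + b


def serialize_xauthority(entries):
    """Inverse of parse_xauthority: produce bytes xauth will read."""
    out = bytearray()
    for e in entries:
        out += struct.pack(">H", e["family"])
        out += _counted(e["address"])
        out += _counted(e["number"].encode())
        out += _counted(e["name"].encode())
        out += _counted(e["data"])
    return bytes(out)


def entries_for_display(entries, display):
    """Select the entries that authorise `display`, e.g. ":0" or "lfsbox:1"."""
    host, _, rest = display.rpartition(":")
    number = rest.split(".", 1)[0]               # drop the screen part of ":0.0"
    local = host in ("", "unix")                 # simplification: any local entry matches
    chosen = []
    for e in entries:
        if e["number"] != number:
            continue
        if e["family"] == FAMILY_WILD:
            chosen.append(e)
        elif local and e["family"] == FAMILY_LOCAL:
            chosen.append(e)
        elif not local and e["address"] == host.encode():
            chosen.append(e)
    return chosen


def root_xauthority_for(display, user_xauthority):
    """Bytes for a minimal root .Xauthority holding only the cookie for `display`."""
    return serialize_xauthority(entries_for_display(parse_xauthority(user_xauthority), display))


# Constructed sample: a user who has started two local X servers (:0 and :1).
COOKIE_0 = bytes.fromhex("0123456789abcdef0123456789abcdef")
COOKIE_1 = bytes.fromhex("fedcba9876543210fedcba9876543210")
SAMPLE_XAUTHORITY = serialize_xauthority([
    {"family": FAMILY_LOCAL, "address": b"lfsbox", "number": "0",
     "name": "MIT-MAGIC-COOKIE-1", "data": COOKIE_0},
    {"family": FAMILY_LOCAL, "address": b"lfsbox", "number": "1",
     "name": "MIT-MAGIC-COOKIE-1", "data": COOKIE_1},
])


if __name__ == "__main__":
    # Print the sample the way "xauth list" shows it, then the :0-only file root would get.
    for e in parse_xauthority(SAMPLE_XAUTHORITY):
        host = e["address"].decode() + ("/unix" if e["family"] == FAMILY_LOCAL else "")
        print("%s:%s  %s  %s" % (host, e["number"], e["name"], e["data"].hex()))
    print("root file for :0 is %d bytes" % len(root_xauthority_for(":0", SAMPLE_XAUTHORITY)))
```

The point of copying a single entry rather than the whole file is that root
then holds exactly the cookie for the display in use and nothing else, and
the user's file stays the user's. Note that the cookie is the whole secret:
anyone who can read root's (or the user's) .Xauthority has the same access
that "xhost +" would hand out to everyone, so the file needs to stay mode 0600.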
