On Wednesday 1 August, 2001, Jens Benecke wrote:
> On Tue, Jul 31, 2001 at 01:29:08PM -0700, Andrew wrote:
>
> > Thanks, that worked.
> > -Andrew
>
> WARNING: when you add 'xhost +localhost' or similar that means that ANY
> local users (i.e. users logged onto your machine) will be able to use your
> X display.
>
> And 'use' means e.g. typing 'rm -rf $HOME' into an xterm that you might
> have open just then.
this is a strange statement. simply setting xhost to allow any
connections from localhost absolutely does not give another user the
ability to delete your files or to *remotely* push or echo text into
your xterm session.
if a user can type into *your* xterm window then obviously they can do
everything you can. but, they would have to be at your console, which
you unfortunately abandoned without locking the screen. just allowing
access from localhost does not give every other user logged on to that
machine the same privileges you enjoy. it simply means they can
display windows on that display and can also grab images of that
display (see xwd). while the latter is a definite security issue, the
former just means your friends will be popping pr0n onto your screen
at inopportune times.
cheers,
-p
_______________________________________________
Win4Lin-users mailing list
[EMAIL PROTECTED]
https://lists.netraverse.com/mailman/listinfo/win4lin-users
