connection to ":0.0" refused by server
Wed, 14 Jul 1999 09:28:54 -0700
Chris Waters wrote:
> First of all, do *not* follow the advice that someone else posted of
> using "xhost +". This is a *major* security hole. In fact, the xhost
> program is pretty much nothing but a security hole. (RH probably
> either does this or the slightly less insane "xhost +localhost" by
> default, which is still extremely bad.)
> Instead, browse /usr/doc/X11/FAQ, paying particular attention to the
> question labeled: "How do I run an X client as root when the X session
> is run by a user?" Or, if you want all the gorey details, read the
> xauth(1x) man page.
I do want to know the gorey details, and thanks for pointing this out. I am
using the XAUTHORITY environment variable as they suggest. While it requires a
bit of typing after su'n to the new user, it is the reccomended way.
I'll have to read up on it later.
They do mention what a major security violoation it is to use xhost.
The thing that blows my mind is that I *KNOW* Solaris doesn't handle that at
all, because I do run Solaris x86 from time to time at home.
The fact that Red Hat allows this while nobody else does kinda bothers me. Now
the opposite question, how can I prevent my Red Hat from doing that?
> A quote from the FAQ:
Yes, I did read that. I think a simple script that sets the XAUTHORITY
envionment variable on the command line is best, since it doesn't leave
anything in the environment after the execution is done.
Software Orchestration, Inc.