connection to ":0.0" refused by server
Alan DuBoff
maestro@SoftOrchestra.com
Wed, 14 Jul 1999 09:28:54 -0700
Chris Waters wrote:
> First of all, do *not* follow the advice that someone else posted of
> using "xhost +". This is a *major* security hole. In fact, the xhost
> program is pretty much nothing but a security hole. (RH probably
> either does this or the slightly less insane "xhost +localhost" by
> default, which is still extremely bad.)
>
> Instead, browse /usr/doc/X11/FAQ, paying particular attention to the
> question labeled: "How do I run an X client as root when the X session
> is run by a user?" Or, if you want all the gory details, read the
> xauth(1x) man page.
I do want to know the gory details, and thanks for pointing this out. I am
using the XAUTHORITY environment variable as they suggest. While it requires a
bit of typing after su'ing to the new user, it is the recommended way.
I'll have to read up on it later.
They do mention what a major security violation it is to use xhost.
The thing that blows my mind is that I *KNOW* Solaris doesn't handle that at
all, because I do run Solaris x86 from time to time at home.
The fact that Red Hat allows this while nobody else does kinda bothers me. Now
the opposite question, how can I prevent my Red Hat from doing that?
> A quote from the FAQ:
Yes, I did read that. I think a simple script that sets the XAUTHORITY
environment variable on the command line is best, since it doesn't leave
anything in the environment after the execution is done.
Thanks!
--
Alan DuBoff
Software Orchestration, Inc.
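
The single-command approach described in the message above, sketched as an added example that is not part of the original e-mail or the X11 FAQ. The helper name `run_with_xauth`, its exit codes and the sample path in the comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: run one X client with XAUTHORITY set for that process only,
# instead of opening the display with xhost.
# run_with_xauth is a hypothetical helper name, not from the FAQ or xauth(1x).
# Usage (constructed path): run_with_xauth /home/user/.Xauthority xterm

run_with_xauth() {
    if [ "$#" -lt 2 ]; then
        echo "usage: run_with_xauth COOKIE_FILE COMMAND [ARGS...]" >&2
        return 64
    fi
    cookie=$1
    shift

    # The cookie file must exist and be readable by the account we su'd to.
    if [ ! -f "$cookie" ] || [ ! -r "$cookie" ]; then
        echo "run_with_xauth: cannot read cookie file: $cookie" >&2
        return 66
    fi

    # Characters 5-10 of the mode string are the group and other bits.
    # Anyone who can read the cookie can connect to the display, so refuse
    # a file that is accessible beyond its owner.
    perms=$(ls -ldL "$cookie" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "run_with_xauth: $cookie is accessible to group/other" >&2
        return 77
    fi

    # env sets the variable for the child process only; the calling shell's
    # environment is left unchanged once the command exits.
    env XAUTHORITY="$cookie" "$@"
}
```
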