[arch] Tonight's discovery
Thomas Bächler
thomas.baechler at gmx.de
Sun Dec 10 19:35:55 EST 2006
Mircea Bardac wrote:
> started googling. The magical solution, converted from a solaris
> implementation:
> $ xhost +local:
> non-network local connections being added to access control list
> and so... local applications can connect via unix sockets to the X server.
This is a huuuuuge security risk. If an attacker somehow gained
access to your local system (be it through a vulnerable service running
as user nobody or as a legitimate user with ssh login), he could connect
to your X server and read all your keystrokes, for example all passwords
you type.
Use Xauthority based authentication instead. To give the user root
access to the X server, all you need is to set
XAUTHORITY=/home/youruser/.Xauthority.
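An added example, not part of the original message: a shell function that classifies the access list `xhost` prints, so that a host-based grant such as the `LOCAL:` entry left by `xhost +local:` is flagged. The function name `audit_xhost` and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the X server access list as printed by `xhost`.
# The sample outputs below are constructed to match xhost's usual format.

# State after `xhost +local:` (the LOCAL: entry is the problem).
SAMPLE_OPEN='access control enabled, only authorized clients can connect
LOCAL:
SI:localuser:alice'

# State where only Xauthority cookies grant access.
SAMPLE_COOKIE_ONLY='access control enabled, only authorized clients can connect'

audit_xhost() {
    # Reads `xhost` output on stdin and prints one line per notable entry.
    # Returns 0 when no host-based grant bypasses cookie authentication,
    # 1 otherwise.
    findings=0
    while IFS= read -r line; do
        case "$line" in
            "access control disabled"*)
                echo "CRITICAL: access control disabled (xhost +)"
                findings=$((findings + 1)) ;;
            LOCAL:*)
                echo "HIGH: LOCAL: lets every local account connect (xhost +local:)"
                findings=$((findings + 1)) ;;
            INET:*|INET6:*)
                echo "HIGH: host-based grant $line"
                findings=$((findings + 1)) ;;
            SI:localuser:*)
                # Scoped to a single account; reported but not counted.
                echo "INFO: per-user grant $line" ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

# Demonstration on the constructed samples (no running X server needed).
printf '%s\n' "$SAMPLE_OPEN" | audit_xhost \
    || echo "=> revoke with: xhost -local:  and rely on XAUTHORITY instead"
printf '%s\n' "$SAMPLE_COOKIE_ONLY" | audit_xhost \
    && echo "=> only Xauthority cookie holders can connect"
```

On a live session the same check is `xhost | audit_xhost`.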