[arch] Tonight's discovery
Askadar
askadar at hvk-gymnasium.de
Sun Dec 10 19:42:13 EST 2006
On Sunday, 10 December 2006 19:35, Thomas Bächler wrote:
> Mircea Bardac wrote:
> > started googling. The magical solution, converted from a solaris
> > implementation:
> > $ xhost +local:
> > non-network local connections being added to access control list
> > and so... local applications can connect via unix sockets to the X
> > server.
>
> This is a huuuuuge security risk. If an attacker would somehow gain
> access to your local system (be it through a vulnerable service running
> as user nobody or as a legitimate user with ssh login), he could connect
> to your X server and read all your keystrokes, for example all passwords
> you type.
> Use Xauthority based authentication instead. To give the user root
> access to the X server, all you need is to set
> XAUTHORITY=/home/youruser/.Xauthority.
Why do it the hard way? Just get sux from AUR, use it instead of su, and
voila: you are done.
- Askadar
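
An added example, not part of the thread: a shell check that reads the listing printed by `xhost` and flags host-based grants such as the `LOCAL:` entry that `xhost +local:` creates. The function name `audit_xhost` and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an `xhost` listing for host-based access grants.
# audit_xhost reads the listing on stdin and prints one finding per line.
audit_xhost() {
    while IFS= read -r line; do
        case "$line" in
            "access control disabled"*)
                # Result of `xhost +`: no access control at all.
                echo "CRITICAL: access control disabled, any client may connect" ;;
            LOCAL:*)
                # Result of `xhost +local:`: every local account, including
                # service accounts, can open the X server's unix socket.
                echo "HIGH: all local users may connect (undo with: xhost -local:)" ;;
            INET:*|INET6:*)
                echo "HIGH: host-based network grant: $line" ;;
            SI:localuser:*)
                # Grant limited to one named local account.
                echo "INFO: single local user granted: ${line#SI:localuser:}" ;;
        esac
    done
}

# Constructed sample listing, used when no X display is available.
sample_listing() {
    printf '%s\n' \
        "access control enabled, only authorized clients can connect" \
        "LOCAL:" \
        "SI:localuser:alice"
}

if [ -n "${DISPLAY:-}" ] && command -v xhost >/dev/null 2>&1; then
    xhost 2>/dev/null | audit_xhost
else
    sample_listing | audit_xhost
fi
```

An empty result with access control enabled means clients are admitted only by the cookie in the Xauthority file, which is the setup recommended in the quoted reply.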