On Fri, 10 Dec 2004, Conor Wynne wrote:
>> while true ; do
>> xmessage -display $YOURDISPLAY:0.0 "xhost+ is a bad idea"
>> done
>> That's what I was wondering about,
It's a great way to render the display unusable. A certain colleague
of mine at a previous job used to have xhost + in his xsession or
somesuch, and when nagging him about the security risks failed to get
him to change this (significant risks too, given the data we had
access to), I kept running the above shell loop until he got sick of
clicking on 'ok'.
Actually, in his case I used:
for 1 100 ; do xmessage ... ; done
The above 'while' loop would certainly kill the X server soon enough,
while the latter is just very annoying.
> it's one of my customers, and it was Oracle saying this. I questioned
> why but didn't get an answer.
If it's a customer, I would *not* recommend to them to disable X access
control unless I were certain their X server was in an otherwise
secure environment.
> I'll let them know that ;-0
You might also want to tell them to specify "-nolisten tcp" to
disable network access, if they disable access control - but if
they want to disable access control, it's almost certain they /do/
want network access.
NB: A /secure/ way to do this would be to use ssh's X forwarding.
regards,
--
Paul Jakma paul at clubi.ie paul at jakma.org Key ID: 64A2FF6A
Fortune:
Don't get suckered in by the comments -- they can be terribly misleading.
Debug only code.
-- Dave Storer
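An added example, not part of the original post: a small audit script that classifies a display's exposure from the two things the message discusses, whether `xhost` reports access control as disabled and whether the X server was started with `-nolisten tcp`. The sample `xhost` output and server command lines are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample inputs (not taken from the thread).
XHOST_OPEN='access control disabled, clients can connect from any host'
XHOST_CLOSED='access control enabled, only authorized clients can connect
SI:localuser:alice'
XCMD_TCP='/usr/bin/X :0 -auth /var/run/xauth/A:0'
XCMD_LOCAL='/usr/bin/X :0 -nolisten tcp -auth /var/run/xauth/A:0'

# Read `xhost` output on stdin; print open, restricted or unknown.
xhost_state() {
    state=unknown
    while IFS= read -r line; do
        case "$line" in
            "access control disabled"*) state=open ;;
            "access control enabled"*)  state=restricted ;;
        esac
    done
    printf '%s\n' "$state"
}

# Succeed if the X server command line in $1 contains "-nolisten tcp".
x_tcp_disabled() {
    prev=
    for arg in $1; do
        if [ "$prev" = "-nolisten" ] && [ "$arg" = "tcp" ]; then
            return 0
        fi
        prev=$arg
    done
    return 1
}

# $1 = xhost output, $2 = X server command line.
# Assumption: the server listens on TCP unless "-nolisten tcp" is given.
assess() {
    s=$(printf '%s\n' "$1" | xhost_state)
    if x_tcp_disabled "$2"; then t=local; else t=network; fi
    case "$s/$t" in
        open/network)  echo "CRITICAL: any host can connect to this display" ;;
        open/local)    echo "WARNING: any local client can connect to this display" ;;
        restricted/*)  echo "OK: access control enabled" ;;
        *)             echo "UNKNOWN: could not parse xhost output" ;;
    esac
}

assess "$XHOST_OPEN" "$XCMD_TCP"
assess "$XHOST_OPEN" "$XCMD_LOCAL"
assess "$XHOST_CLOSED" "$XCMD_TCP"
```

On a live system, pass the output of `xhost` and the X server's command line as shown by `ps` to `assess`.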