[vox-tech] vim question
Rick Moen
vox-tech@lists.lugod.org
Tue, 12 Nov 2002 23:18:29 -0800
Quoting Michael Wenk (mikewenk@attbi.com):
> Hmm, I was just about to say... :-)
>
> Yes the others will work, xhost tho, IMO is the fastest and requires the
> least effort. And I agree that xhost + is not a good way to go, in fact,
> you may want to go a bit further and do an xhost +root@localhost
>
> I forget if xhost assumes wildcards, but why take chances, if you're
> explicit, then you lessen the risk.
For what it's worth, the xhost manpage says that the name following the
"+" may be either a hostname or a username.
Prior to reading your post attentively _and_ reading the manpage, I had
been mislead by a recent thread on debian-security where one of the
regulars swore up and down that (quoting) "xhost is _host_ based access
control, so of course xhost +username doesn't work!"
You can see posts from that thread at
http://linuxmafia.com/~rick/linux-info/root-with-x11 , where your post
is now immortalised at the end.
And here, all these years, I've been eschewing xhost as a hopeless
security risk. Well, I learned something today.
--
Cheers, Right to keep and bear
Rick Moen Haiku shall not be abridged
rick@linuxmafia.com Or denied. So there.