[vox-tech] xhost+: Why you should NEVER DO THAT
Peter Jay Salzman
p at dirac.org
Fri Mar 18 08:54:16 PST 2005
On Fri 18 Mar 05, 8:42 AM, Rick Moen <rick at linuxmafia.com> said:
> Quoting Peter Jay Salzman (p at dirac.org):
>
> > If my firewall blocks tcp/udp ports 6000-6007, can you tell me how my x11
> > events can be captured by someone other than my lovely wife and cat?
>
> I have little to add to Jeff Newmiller's excellent answer, except that
> I breathe easier knowing that we don't trust our own home LAN any more
> than we would the Internet. Among other things, this let us add
> wireless without any change to the house's security model, because we
> hadn't placed reliance on perimeter protection, in the first place.
True enough. True enough.

That said, I never used "xhosts +" (or whatever it is) in my life, but I do
remember "Redhat Unleashed" a long, long time ago (back in the RH 5.1 days)
recommended it.

I never needed to back then because ssh -X always seemed to "work".

However, it should be pointed out that once someone gets access to your LAN,
even ssh, sshd and gnupg are all suspects.

Pete
--
Save Star Trek Enterprise from extinction: http://www.saveenterprise.com
GPG Fingerprint: B9F1 6CF3 47C4 7CD8 D33E 70A9 A3B9 1945 67EA 951D