[vox-tech] xhost+: Why you should NEVER DO THAT

Peter Jay Salzman p at dirac.org
Fri Mar 18 08:54:16 PST 2005


On Fri 18 Mar 05,  8:42 AM, Rick Moen <rick at linuxmafia.com> said:
> Quoting Peter Jay Salzman (p at dirac.org):
> 
> > If my firewall blocks tcp/udp ports 6000-6007, can you tell me how my x11
> > events can be captured by someone other than my lovely wife and cat?
> 
> I have little to add to Jeff Newmiller's excellent answer, except that 
> I breathe easier knowing that we don't trust our own home LAN any more
> than we would the Internet.  Among other things, this let us add
> wireless without any change to the house's security model, because we
> hadn't placed reliance on perimeter protection, in the first place.
 
True enough.  True enough.

That said, I never used "xhosts +" (or whatever it is) in my life, but I do
remember "Redhat Unleashed" a long, long time ago (back in the RH 5.1 days)
recommended it.

I never needed to back then because ssh -X always seemed to "work".

However, it should be pointed out that once someone gets access to your LAN,
even ssh, sshd and gnupg are all suspects.

Pete

-- 
Save Star Trek Enterprise from extinction: http://www.saveenterprise.com

GPG Fingerprint: B9F1 6CF3 47C4 7CD8 D33E  70A9 A3B9 1945 67EA 951D

