[vox-tech] xhost+: Why you should NEVER DO THAT
Peter Jay Salzman
p at dirac.org
Fri Mar 18 08:54:16 PST 2005
On Fri 18 Mar 05, 8:42 AM, Rick Moen <rick at linuxmafia.com> said:
> Quoting Peter Jay Salzman (p at dirac.org):
>
> > If my firewall blocks tcp/udp ports 6000-6007, can you tell me how my x11
> > events can be captured by someone other than my lovely wife and cat?
>
> I have little to add to Jeff Newmiller's excellent answer, except that
> I breathe easier knowing that we don't trust our own home LAN any more
> than we would the Internet. Among other things, this let us add
> wireless without any change to the house's security model, because we
> hadn't placed reliance on perimeter protection, in the first place.

True enough. True enough.

That said, I never used "xhosts +" (or whatever it is) in my life, but I do
remember "Redhat Unleashed" a long, long time ago (back in the RH 5.1 days)
I never needed to back then because ssh -X always seemed to "work".

However, it should be pointed out that once someone gets access to your LAN,
even ssh, sshd and gnupg are all suspects.

Save Star Trek Enterprise from extinction: http://www.saveenterprise.com
GPG Fingerprint: B9F1 6CF3 47C4 7CD8 D33E 70A9 A3B9 1945 67EA 951D