[vox-tech] Fwd: Trouble installing Matlab in Debian

Alex Mandel tech_dev at wildintellect.com
Wed Apr 8 23:11:51 PDT 2009 

I seem to recall it actually only worked for commands in that particular
terminal and stopped working as soon as it was closed. You do make a
good point about not leaving any doors open ever, which brings up the
question of why so many binary installers require root privilege and do
I really want to be giving them that considering I'm not sure where they
will stick files. Not to get into their reliance on graphical
installers, which is funny since in the case of oracle the installer was
the only reason we even installed X.


What a pain,
Alex

Bill Broadley wrote:
> Alex Mandel wrote:
>> As far as I can tell xhost+ only lasts for that x-session and can easily
> 
> Sure, but it lasts till logout which for many can be weeks, and even a minute
> is WAY too long.  Might as well set your root password to "password".  Say you
> open another window and type the user or root password.
> 
>> be reactivated with xhost-
> 
> There is no sane reason to ever do xhost +.  Keystrokes could be sniffed, or
> injected.  One might well inject something so quickly that within 1/10 th of a
> second they have added a backdoor to your machine and then cleared the screen.
> Although it is great fun when a newbie admin does it and you can torture him
> with various games/tricks, change his background to something embarassing,
> make his cursor unpredictable, xroaches, etc.
> 
>> And it is listed in your reference xhost+root, specifying the user never
>> worked for me, hence the blanket for all users.
> 
> xhost is for hostnames not usernames, so if you must (and you don't) use
> xhost +localhost.  Which while bad, is 100x better than xhost +.
> 
>> It also appears to be the preferred and most common solution for using
>> the oracle installer as it's quick and simple.
> 
> Many stupid practices are common, don't assume just because google has a bunch
> of hits for something that it's a good idea.  I'd never recommend it to
> someone that might not understand the full security implications of doing so.
> 
>> Ah yes export DISPLAY=:0.0 is also part of the solution but no most of
>> the stuff on the page you reference did not work in my case.
> 
> On most machines your DISPLAY will survive a su or a sudo (I just checked on
> my desktop), I'd suggest echo $DISPLAY before and after su/sudo to help
> troubleshoot.  If remote a echo $DISPLAY before and after a ssh.
> 
>> Thanks for the reference of ideas,
>> Alex

More information about the vox-tech mailing list