Re: X-windows security in Gnome



> Jim also says (regarding using "xhost +"):
>    One response is "don't do that"; but that is a bit of a cop-out, IMHO.

Not really. If you are not using pure encrypted connections any idiot can
take over your session. Anyone can see what you are doing and in any
business environment with the slightest notion of security requirements I'd
hope people got into trouble for it.

Xsecurity is useful but primarily for things like combining with NSA
seclinux and RSBAC to do compartmentalising of application sets. Also it
might not be a bad idea if mozilla partitioned its plugins that way a bit
more.

xhost + is generally dumb
export DISPLAY=someotherbox:0 is generally dumb too






[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]