Re: X-windows security in Gnome

From: Alan Cox <alan redhat com>
To: Brian Cameron Sun COM
Cc: otaylor redhat com, gnome-hackers gnome org
Subject: Re: X-windows security in Gnome
Date: Fri, 17 May 2002 07:36:52 -0400 (EDT)

> Jim also says (regarding using "xhost +"):
>    One response is "don't do that"; but that is a bit of a cop-out, IMHO.

Not really. If you are not using pure encrypted connections any idiot can
take over your session. Anyone can see what you are doing and in any
business environment with the slightest notion of security requirements I'd
hope people got into trouble for it.

Xsecurity is useful but primarily for things like combining with NSA
seclinux and RSBAC to do compartmentalising of application sets. Also it
might not be a bad idea if mozilla partitioned its plugins that way a bit
more.

xhost + is generally dumb
export DISPLAY=someotherbox:0 is generally dumb too

Follow-Ups:
- Re: X-windows security in Gnome
  - From: Jim.Gettys

References:
- Re: X-windows security in Gnome
  - From: Brian Cameron

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]