From owner-freebsd-security Sat Feb 26 7:28:10 2000 Delivered-To: freebsd-security@freebsd.org Received: from mout1.freenet.de (mout1.freenet.de [62.104.201.3]) by hub.freebsd.org (Postfix) with ESMTP id C1EB837BCC2; Sat, 26 Feb 2000 07:28:01 -0800 (PST) (envelope-from netchild@leidinger.net) Received: from [62.104.201.6] (helo=mx0.freenet.de) by mout1.freenet.de with esmtp (Exim 3.13 #1) id 12Oj8O-0003uL-00; Sat, 26 Feb 2000 16:27:56 +0100 Received: from [213.6.171.130] (helo=Magelan.Leidinger.net) by mx0.freenet.de with esmtp (Exim 3.13 #3) id 12Oj8O-00021E-00; Sat, 26 Feb 2000 16:27:56 +0100 Received: from Leidinger.net (netchild@localhost [127.0.0.1]) by Magelan.Leidinger.net (8.9.3/8.9.3) with ESMTP id QAA02773; Sat, 26 Feb 2000 16:24:14 +0100 (CET) (envelope-from netchild@Leidinger.net) Message-Id: <200002261524.QAA02773@Magelan.Leidinger.net> Date: Sat, 26 Feb 2000 16:24:13 +0100 (CET) From: Alexander Leidinger Subject: Re: Re[2]: X authorization To: rakukin@mail.ru Cc: freebsd-questions@FreeBSD.ORG, freebsd-security@FreeBSD.ORG In-Reply-To: MIME-Version: 1.0 Content-Type: TEXT/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On 26 Feb, A. Rakukin wrote: [CC striped] > sshd is not running on the host which has been accessed... > I am aware of the X-connections forwarding ability of ssh, > but it is not the case... [...] > I know that xhost is insecure. But it worked earlier! > And now I have a situation as follows: I merely start X (via xdm) on host A, > no windows/commands there, then go to host B, > type `export DISPLAY=A:0; xterm' and see xterm window > opened on the display of A! Then test `xhost' on A and see no hosts allowed... Is your ${HOME} shared between those hosts? What does "xauth list" print (don't post it here, look at it carefully by yourself)? Bye, Alexander. -- Sarcasm is just one of the many services we offer. http://www.Leidinger.net Alexander+Home @ Leidinger.net Key fingerprint = 7423 F3E6 3A7E B334 A9CC B10A 1F5F 130A A638 6E7E To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message