Date: Wed, 21 Mar 2001 19:14:54 +0300 (MSK) From: Alexey Koptsevich <kopts@astro.ioffe.rssi.ru> To: "Crist J . Clark" <cjclark@reflexnet.net> Cc: security@freebsd.org Subject: Re: Disabling xhost(1) Access Control Message-ID: <Pine.BSF.4.21.0103211909180.3763-100000@astro.ioffe.rssi.ru> In-Reply-To: <Pine.BSF.4.21.0103211908570.3763-100000@astro.ioffe.rssi.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Christ, I also think about disabling xhost and wonder which solution have you chosen -- modifying Xserver source offered later in the thread? Actually, "-nolisten tcp" is a nice idea, but I would like X to run from the server on all "Xterminals", and of course "X -query" fails that way... Thanks, Alex > I want users to use user-level X access controls, that is, xauth(1) > and the magic cookies. I do NOT want people using xhost(1) access > controls. > > FreeBSD's XFree86 (unlike so many other X dists) defaults to enabling > xauth. The problem is, it does not prevent lusers from still doing > things like put 'xhost +' in their .login and defeating the > system. (Grrrr...) > > I've been searching and cannot find a way to disable xhost(1) level > access. And I mean disabling as in defaulting to everything locked out > as opposed to defaulting to wide open. If a user were to 'xhost +' it > would not open things up. > > Is there such a way to do this (aside 'rm /usr/bin/xhost' and setting > all user writable filesystems noexec)? This is for xdm(1) setups and > not necessarily xinit(1). > -- > Crist J. Clark cjclark@alum.mit.com > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0103211909180.3763-100000>