From owner-freebsd-current Wed Jul 5 11:14:28 1995
Return-Path: current-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id LAA29898 for current-outgoing; Wed, 5 Jul 1995 11:14:28 -0700
Received: from mail.barrnet.net (mail.barrnet.net [131.119.246.7]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id LAA29885 ; Wed, 5 Jul 1995 11:14:26 -0700
Received: from genesis.atrad.adelaide.edu.au (genesis.atrad.adelaide.edu.au [129.127.96.120]) by mail.barrnet.net (8.6.10/MAIL-RELAY-LEN) with ESMTP id KAA20832; Wed, 5 Jul 1995 10:28:20 -0700
Received: from msmith@localhost by genesis.atrad.adelaide.edu.au (8.6.9/8.6.9) id DAA17916; Thu, 6 Jul 1995 03:00:19 +0930
From: Michael Smith
Message-Id: <199507051730.DAA17916@genesis.atrad.adelaide.edu.au>
Subject: Re: your mail
To: karl@bagpuss.demon.co.uk (Karl Strickland)
Date: Thu, 6 Jul 1995 03:00:18 +0930 (CST)
Cc: msmith@atrad.adelaide.edu.au, lix@cs.pdx.edu, current@freebsd.org, questions@freebsd.org
In-Reply-To: <199507050901.KAA08086@bagpuss.demon.co.uk> from "Karl Strickland" at Jul 5, 95 10:01:59 am
Content-Type: text
Content-Length: 1319
Sender: current-owner@freebsd.org
Precedence: bulk

Karl Strickland stands accused of saying:
>
> > Don't listen to anyone who says that you should use xhost; it's out of
> > date and a security risk.

My apologies for not being clearer; I was on a slow link, and typing the
extra was too much like hard work 8) My intention was to ward off the
inevitable "use xhost +" advice, which is a great way to make yourself
vulnerable.

> Just to clarify - are you saying that xhost based security does not perform
> the function it is supposed to (ie only allow clients from certain hosts
> to connect to the server)? Or are you saying that the above does not provide
> adequate security when there is more than one user on a given machine?

As far as I am aware, xhost performs its intended function, however its
intended function leaves certain windows of vulnerability, as you point
out above. As such, I don't recommend it, particularly when Xauthority
is so easily implemented.

> Karl

--
]] Mike Smith, Software Engineer        msmith@atrad.adelaide.edu.au   [[
]] Genesis Software                     genesis@atrad.adelaide.edu.au  [[
]] High-speed data acquisition and                                     [[
]] realtime instrument control          (ph/fax)  +61-8-267-3039       [[
]] My car has "demand start" - Terry Lambert                           [[
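
The xhost weakness discussed in this message, as an added example that is not part of the original e-mail: a POSIX shell function that reads the output of `xhost` (run with no arguments) and flags access granted per host rather than per user. The function name `audit_xhost` is hypothetical and the sample lines at the end are constructed.

```sh
#!/bin/sh
# audit_xhost (hypothetical name): classify `xhost` output read from stdin.
# Prints one finding per line and returns 1 when access is granted to a
# whole host (or to everyone) instead of to an individual user.
audit_xhost() {
    rc=0
    while IFS= read -r line; do
        case "$line" in
            "access control disabled"*)
                # State left behind by "xhost +": no access list at all.
                echo "CRITICAL: access control disabled, any host can connect"
                rc=1 ;;
            "access control enabled"*|"")
                ;;  # status line or blank line, nothing to report
            SI:localuser:*)
                # Server-interpreted entry naming a single local user.
                echo "INFO: per-user entry: $line" ;;
            *)
                # Bare hostnames, INET:, INET6:, LOCAL: and similar entries
                # are host-wide: every account there gets the same access.
                echo "WARN: host-wide entry: $line (any user there can connect)"
                rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample input; on a live system use: xhost | audit_xhost
audit_xhost <<'EOF' || echo "host-based access found; prefer Xauthority cookies"
access control enabled, only authorized clients can connect
INET:build.example.org
SI:localuser:alice
EOF
```

Running `xhost -` re-enables access control after an `xhost +`, and `xauth list` shows the per-user cookies that Xauthority relies on instead of the host list.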