Date: Thu, 6 Jul 1995 03:00:18 +0930 (CST)
From: Michael Smith <msmith@atrad.adelaide.edu.au>
To: karl@bagpuss.demon.co.uk (Karl Strickland)
Cc: msmith@atrad.adelaide.edu.au, lix@cs.pdx.edu, current@freebsd.org, questions@freebsd.org
Subject: Re: your mail
Message-ID: <199507051730.DAA17916@genesis.atrad.adelaide.edu.au>
In-Reply-To: <199507050901.KAA08086@bagpuss.demon.co.uk> from "Karl Strickland" at Jul 5, 95 10:01:59 am

Karl Strickland stands accused of saying:
>
> > Don't listen to anyone who says that you should use xhost; it's out of
> > date and a security risk.

My apologies for not being clearer; I was on a slow link, and typing the
extra was too much like hard work 8)

My intention was to ward off the inevitable "use xhost +" advice, which is
a great way to make yourself vulnerable.

> Just to clarify - are you saying that xhost based security does not perform
> the function it is supposed to (ie only allow clients from certain hosts
> to connect to the server)?  Or are you saying that the above does not provide
> adequate security when there is more than one user on a given machine?

As far as I am aware, xhost performs its intended function; however, its
intended function leaves certain windows of vulnerability, as you point out
above.  As such, I don't recommend it, particularly when Xauthority is
so easily implemented.

> Karl

--
]] Mike Smith, Software Engineer        msmith@atrad.adelaide.edu.au    [[
]] Genesis Software                     genesis@atrad.adelaide.edu.au   [[
]] High-speed data acquisition and                                      [[
]] realtime instrument control          (ph/fax)  +61-8-267-3039        [[
]] My car has "demand start" - Terry Lambert                            [[