Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 30 Aug 2000 00:53:52 -0700
From:      "Crist J . Clark" <cjclark@reflexnet.net>
To:        freebsd-questions@freebsd.org
Cc:        cjclark@alum.mit.edu, freebsd-security@freebsd.org
Subject:   Re: Disabling xhost(1) Access Control
Message-ID:  <20000830005352.I62475@149.211.6.64.reflexcom.com>
In-Reply-To: <3799.967621138@axl.fw.uunet.co.za>; from sheldonh@uunet.co.za on Wed, Aug 30, 2000 at 09:38:58AM %2B0200
References:  <20000829234451.G62475@149.211.6.64.reflexcom.com> <3799.967621138@axl.fw.uunet.co.za>

next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Aug 30, 2000 at 09:38:58AM +0200, Sheldon Hearn wrote:
> 
> On Tue, 29 Aug 2000 23:44:51 MST, "Crist J . Clark" wrote:
> 
> > Is there such a way to do this (aside 'rm /usr/bin/xhost' and setting
> > all user writable filesystems noexec)? This is for xdm(1) setups and
> > not necessarily xinit(1).
> 
> I think that this question was more appropriate to the freebsd-questions
> mailing list.

It'd be best on an X list, but I've not found one with enough
signal-to-noise or enough baseline signal.

> The answer to your question lies in the Xserver(1) manual page, in the
> form of the -ac option.

No, that is precisely the behavior I do not want.

       -ac     disables  host-based  access  control  mechanisms.
               Enables  access  by any host, and permits any host
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
               to modify  the  access  control  list.   Use  with
               extreme caution.  This option exists primarily for
               running test suites remotely.

Xserver(1) and Xsecurity(1) talk about how to use xauth over xhost,
but not how to lock out use of xhost.
-- 
Crist J. Clark                           cjclark@alum.mit.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000830005352.I62475>