Date: Thu, 24 Feb 2000 11:57:15 -0800 (PST) From: Matthew Dillon <dillon@apollo.backplane.com> To: "A. Rakukin" <rakukin@mail.ru> Cc: freebsd-questions@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: X authorization Message-ID: <200002241957.LAA41772@apollo.backplane.com> References: <E12O4Et-0001Zs-00@f4.mail.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
:Hi to all,
:
:Would be grateful for help or explanation. I used to think that by default
:nobody can run anything on my display. But now I revealed that it is enough
:to export DISPLAY on remote host to access my xserver. 'xhost' on the server
:(that has been accessed) says that
:
:access control enabled, only authorized clients can connect
:
:and nothing more. What is the possible source of the problem?
:I have not customized any authorization mechanisms...
:I run FreeBSD 3.4.
:
:Thank you,
:Alex
I'll bet you are using ssh.
Your assumptions as to 'xhost' are correct. Just setting DISPLAY on
machine B to point to machine A will not give machine B access to
machine A's X display. Machine A must give machine B access, typically
through the 'xhost' command.
However, some programs will tunnel X sessions automatically. ssh is
one of these. If you are sitting on machine A and you ssh to machine B,
you will then be able to run X binaries on machine B and have them show
up on machine A's display. The X protocol will run through the
'secure' ssh session.
I don't know many people who do this, at least not between two local
machines sitting on the same LAN, because running an X client through
an encrypted ssh session tends to really slow down the client.
-Matt
Matthew Dillon
<dillon@backplane.com>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200002241957.LAA41772>