From owner-freebsd-questions@FreeBSD.ORG Thu Feb 3 01:00:50 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3239216A4CE for ; Thu, 3 Feb 2005 01:00:50 +0000 (GMT) Received: from out009.verizon.net (out009pub.verizon.net [206.46.170.131]) by mx1.FreeBSD.org (Postfix) with ESMTP id 75E0C43D39 for ; Thu, 3 Feb 2005 01:00:34 +0000 (GMT) (envelope-from leblanc@keyslapper.org) Received: from keyslapper.org ([68.163.158.177]) by out009.verizon.net (InterMail vM.5.01.06.06 201-253-122-130-106-20030910) with ESMTP id <20050203010033.QEQP4172.out009.verizon.net@keyslapper.org> for ; Wed, 2 Feb 2005 19:00:33 -0600 Received: from localhost (localhost [127.0.0.1]) by keyslapper.org (Postfix) with ESMTP id 73A2A117F2 for ; Wed, 2 Feb 2005 20:00:32 -0500 (EST) Received: from keyslapper.org ([127.0.0.1]) by localhost (keyslapper.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 25747-05 for ; Wed, 2 Feb 2005 20:00:32 -0500 (EST) Received: by keyslapper.org (Postfix, from userid 1001) id 15E4D11636; Wed, 2 Feb 2005 20:00:32 -0500 (EST) Date: Wed, 2 Feb 2005 20:00:31 -0500 From: Louis LeBlanc To: freebsd-questions@freebsd.org Message-ID: <20050203010031.GC24792@keyslapper.net> Mail-Followup-To: freebsd-questions@freebsd.org References: <20050202210526.GC77499@keyslapper.net> <42014E0A.5070003@mac.com> <20050202221851.GE77499@keyslapper.net> <20050202224322.GF77499@keyslapper.net> <20050202234814.GA24792@keyslapper.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="ghzN8eJ9Qlbqn3iT" Content-Disposition: inline In-Reply-To: X-PGP-Key: http://www.keyslapper.net/~leblanc/leblanc-at-keyslapper-net.asc User-Agent: Mutt/1.5.6i X-Virus-Scanned: amavisd-new at keyslapper.net X-Authentication-Info: Submitted using SMTP AUTH at out009.verizon.net from [68.163.158.177] at Wed, 2 Feb 2005 19:00:33 -0600 Subject: Re: xhost +localhost X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: freebsd-questions@FreeBSD.org List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Feb 2005 01:00:50 -0000 --ghzN8eJ9Qlbqn3iT Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 02/03/05 01:10 AM, Gert Cuykens sat at the `puter and typed: > > I assume this refers to the root window. Surely you're not logged > > into X as root. >=20 > no i am just logged as a user into X and my user name is the same as > root :) Lets call it the user root window. >=20 > > Try this: > > check your DISPLAY environment variable with > > echo $DISPLAY > > make sure it's ':0.0' or something similar, like :0.0, then > > run this: > > /usr/X11R6/bin/xscreensaver -display $DISPLAY & > >=20 > > That should do what you're trying to do. > >=20 > > Lou > > -- >=20 > I# /usr/X11R6/bin/xscreensaver -display $DISPLAY > xscreensaver: 01:02:41: locking is disabled (running as nobody). > xscreensaver: 01:02:41: locking only works when xscreensaver is launched > by a normal, non-privileged user (e.g., not "root".) > See the manual for details. >=20 > man the xscreensaver thingie isnt kidding about it... That's your whole problem. It is widely considered a Very Bad Thing to log into X as root. Xscreensaver refuses to run there because it calls external programs, which it gives free reign within it's access limitations. If xscreensaver were running as root, these extermal programs would therefore run as root, and should any of them be written with certain malicious, or even just errant code, your secure box could do anything from implode due to a bad disk access in the boot sector, to hang it's kiester right out the internet for all to see and poke and prod. And they WILL poke and prod. xscreensaver is the only such program that comes to mind that tries to protect you in this way, but think of all the other programs you run: your wm, all those utilities, the calculator, and the list goes on. Not all of these are part of the OS, most are "contrib" code, which means they were written by people outside the official team for whatever project you got it with. That doesn't mean it's not good code, most of it is excellent at the very least, but it doesn't always have the same rigorous testing cycle, and it is almost NEVER written to run as root. And a process intended to run as root DOES get structured differently. I *VERY* strongly recommend you create a real user, call it gert or cuykens, or the name of your box, or whatever you want and DON'T add it to every group and give it admin privileges. Using root for anything but administrative use or accessing restricted resources is a huge security hole. Cheers. Lou --=20 Louis LeBlanc FreeBSD-at-keyslapper-DOT-net Fully Funded Hobbyist, KeySlapper Extrordinaire :) Key fingerprint =3D C5E7 4762 F071 CE3B ED51 4FB8 AF85 A2FE 80C8 D9A2 Secretary's Revenge: Filing almost everything under "the". --ghzN8eJ9Qlbqn3iT Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) iD8DBQFCAXevr4Wi/oDI2aIRAphcAJ43bwc9FfbFsrCCrWDWYNwjp0s9nwCeL+Lj 3Z+FKRZjEivcx+wIxXTHOks= =xn6a -----END PGP SIGNATURE----- --ghzN8eJ9Qlbqn3iT--