Matthew Garrett wrote: > On Fri, Aug 24, 2007 at 04:49:02PM -0700, Spencer, Bob wrote: >> Matthew Garrett wrote: >>> By the way - never do this on any computer connected to the >>> internet, especially if your X server is configured to listen for >>> TCP connections. >> >> Thanks -- can you give me a secure good replacement? I tried "$ >> xhost +localhost" but couldn't get the target terminal to connect. > > A somewhat (though not perfectly) safer way of doing this is to > launch Xephyr in your host system with the -ac argument. This > disables access control for Xephyr, which should let you connect from > inside the target chroot. Anyone with access to your system will be > able to watch anything you do inside the Xephyr session, but that's > much less likely to cause you security issues.
We did this originally, but with the new "xinit" script we are not able to run the UI inside Xephyr run from the workstation terminal. The command we run now is: xinit /etc/X11/xinit/xinitrc -- /usr/bin/Xephyr :2 -host-cursor -screen 1024x600x32 -dpi 96 -ac Suggestions on how to fix this back to the previous way would be nice and not require us to re-install Xephyr every time we make a target. Bob > > Ideally, generate an authentication file inside the development > environment and then run Xephyr with the -auth argument to tell it to > use that authentication file. That way there's a shared secret > between the clients and Xephyr, which prevents any information > leakage. -- Ubuntu-mobile mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-mobile
