On Tuesday 03 November 2009 10:03:46 walter harms wrote: > Glynn Clements schrieb: > > strat...@telenet.be wrote: > >> On multiseat/multi-users system there are multiple users logged in via > >> gdm.Problem is that a user can start programs or take over a display > >> from another user.How to prevent this?I have read about > >> mit-magic-cookie but did not found a howto. > > > > Use user-based ("xauth") access control rather than host-based ("xhost"). > > > > This should be the default if the server is started by a display > > manager, unless you explicitly allow host-based access via xhost > > (which you shouldn't do for a multi-user system). > > > > I can't comment on GDM specifically (I don't use it, and the > > documenation is silent on this issue), but it's possible that either > > GDM or the default startup scripts perform the equivalent of > > "xhost +local:" or "xhost +inet:localhost". > > i do not understand the problem. how do you connect to the server ? > Normaly each user should have a separate session or uses every user the > same login ? > > the most easy way is to use "X :0 -query server" and become an > X11-Terminal. The other way is the login using ssh -X host and export the > gfx. > > re, > wh > > > > _______________________________________________ > xorg mailing list > xorg@lists.freedesktop.org > http://lists.freedesktop.org/mailman/listinfo/xorg
It is one computer where several users are logged in with gdm.Every users get's a mit-magic-cookie in his xauthority file. But one user can still starts programs as xterm on another users'display with for example:DISPLAY=2.0 xterm how to prevent this? I tried to generate an magic cookie for the display 2.0 untrusted but still can start prigrams from for example display 1.0 on display 2.0. _______________________________________________ xorg mailing list xorg@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/xorg