The additional security warning is certainly warranted.
The "xhost + (name)" trick provided was specifically addressing the situation of the user's machine communicating with its' own display. For example, someone may have done calculations and configured an application to display results while in one location. It is not unusual to put one's machine to sleep, and travel to the next location expecting to everything to work as configured. The xhost + (newname) will allow one to fulfill that expectation with minimal headache.
As presented, this has nothing to do with connecting to another machine (such as can be done through an ssh tunnel), but it does have the potential to open your machine for attack from other machines. A little planning ahead as suggested in other posts can prevent the "self-identity" problem and maximize security in the first place, but many don't plan for something until they are actually faced with it.
Cheers,
Jim Nettles
On Mar 10, 2005, at 1:45 AM, Juan Courcoul wrote:
Do note that, of all, this is the weakest authentication possible with X11. While the ease of use might be very tempting, beware that you can fall afoul with even moderately proficient hackers this way. If security is not an issue to you or in your particular setting, enjoy the simplicity and don't attract attention.
.Xauthority improves the security issue by a small midgen. Safest bet is X11 tunnelling thru ssh with single or double-ended validation. A fairly useful discussion of things X11 and OSX (including ssh tunnelling use and setup) can be found here: http://developer.apple.com/darwin/runningx11.html
J. Courcoul
On Mar 4, 2005, at 2:34 PM, Jim Nettles wrote:
That is a good point.
If you do find yourself in that situation you can just
xhost + (newIP or name)
and you are back in business.
If you're behind an X firewall you can just
xhost +
(that was my situation)
Thanks,
Jim N.
On Mar 4, 2005, at 2:00 PM, mathias meyer wrote:
check out the xhost command:
NAME xhost - server access control program for X
SYNOPSIS xhost [[+-]name ...]
DESCRIPTION
The xhost program is used to add and delete host names or user names to
the list allowed to make connections to the X server.
hth
mathias
On 04.03.2005, at 07:51, Rick Slater wrote:
As I recall, if you check out the Preferences pane (Security option) for X11, it will tell you just that. Xauthority access may not work when the IP address changes.
Rick
On Mar 3, 2005, at 8:35 PM, Jim Nettles wrote:
My experience has been that if I start X11 at home and go to the lab I have the problem at the lab. If I keep X11 open and go back home - it works again. The same pattern, but reversed, occurs if I start it at the lab. I suspect that it is an IP issue. My hypothesis is that X11 starts in one location and sets authority associated with a particular localhost ID. When the machine goes to sleep and wakes up in a new location it has a new localhost ID, but X11 doesn't know that. Therefore the error.
Any validity to that hypothesis?
Jim Nettles On Mar 3, 2005, at 7:20 PM, Eric Lenio wrote:
I have a powerbook and use it in a similar way (never shut down, only sleep).
This same condition happened to me just last week. I didn't bother to
investigate much, I took the easy way and just restarted X11. I'm guessing
that $HOME/.Xauthority is getting corrupted, you may want to check the output
of "xauth list" and see if it makes sense... if you ssh to other machines from
X11 this may have an effect too on the .Xauthority file (depending on how you
configure ssh).
On Thu, Mar 03, 2005 at 11:48:07PM +0100, Clemence Magnien wrote:Hi all,
I use Apple's X11 and fink 0.23.5 on an Ibook.
I never shut my laptop down, I always put it to sleep (I feel this
is not the correct way of saying this but think you can understand
what I mean).
Sometimes, when I wake it up, all works fine, except that I cannot
create any new window anymore. When I try to launch anything (like
an xterm for instance), I get a message like this:
Xlib: connection to ":0.0" refused by server Xlib: No protocol specified
Error: Can't open display: :0.0
(except mozilla, which can launch new windows when it is already running)
The only difference I notice between the situations in which this problem
arises and the situations it does not, is that I think it happens only
when I'm at home (I use this laptop at two different workplaces and at
home). For a while I thought it might happen only when I am not connected
by ethernet, but this turns out to be false (I am connected now and it happens).
(a 'echo $DISPLAY' gives me :0.0 in bot cases).
I can usually solve the problem by putting the computer to sleep and
waking it up again. After a few times either everything goes fine or
X11 quits, and works fine when I launch it again. If I use the 'restart'
option in the menu I get by right-clicking on the background, it shuts
X11 down, whereas it only restarts it when all works fine.
I have found no mention of similar problems on the mailing list archive,
does anyone experience the same kind of problem? Note that this is only
a minor inconvenience, but I am curious to know if there is a way of
fixing this without having to launch X11 again (yes, I'm lazy).
Cheers, Clemence
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Fink-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fink-users
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Fink-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fink-users
________________________________________________________ Jim Nettles, Molecular Pharmacology Liotta/Snyder Group, Modeling Division, Department of Chemistry Emory University 1515 Pierce Dr. Atlanta, Ga. 30322 [EMAIL PROTECTED] TEL: (404)966-4617 FAX: (404)728-0991 ________________________________________________________
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Fink-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fink-users
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Fink-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fink-users
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Fink-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fink-users
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Fink-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fink-users
------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Fink-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fink-users
