Duncan,
It may be small consolation, but stop and think how useless it is
for a remote user to open a window on your linux box. He can't
operate it except from the main console/mouse (I trust you have
those secured with guard dogs and land mines, at least, right? :-).
Well, he can close it again with ^c. And you can close it from the
console.
No real harm, just a bit of disruption.
Possibly you can use xauthority to restrict access to the server.
You can take a cheap shot at discouraging this sort of thing by
bracketing the line in /etc/profile (if you use bash) that adds X11
to the path, like so:
if (tty |grep tty[1-6]); then
PATH="$PATH:/usr/X11/bin:$OPENWINHOME/bin:/usr/games:."
fi
Your telnet user can still start X by saying,
/usr/X11/bin/Xinit -- /usr/X11/bin/X
but he probably won't do that just by accident. This will also
disrupt xdm logins as they are run on a pty same as telnet sessions,
so xsession or ~/.xsession would have to have the full paths for
X commands, or fail.
I was going to suggest xdm, but I found to my horror that once
someone is logged in to it, _anybody_ on the local machine can
start X clients by setting DISPLAY and using a full path, even
by telnet. There's bound to be something in the X security empire
to deal with this, if only I live long enough to plough through it
all. It is, after all, X's security problem, not telnet's.
FWIW
Lawson
___________________________________________________________________
You don't need to buy Internet access to use free Internet e-mail.
Get completely free e-mail from Juno at http://www.juno.com/getjuno.html
or call Juno at (800) 654-JUNO [654-5866]
