Hiho!

Brent Johnson wrote:
>>I run the risk of having files like .Xauthority pop up, world
>>readable, opening a huge security hole.
> Just for my info, why is this a huge security hole?

Everybody who can read your .Xauthority file can connect to your
running X-Session (remote or local) which means that he can display
your desktop contents and observe every keystroke you type (i.e. log
your ssh/afs/Kerberos passwords) if the XFree Ports are open (TCP Port
6000 and above). Depending on how your X-Server and other involved
software is configured, this opens your account to the whole wide
world (worst case) or at least (!) to anybody who can log on to your
machine.

Since xauth and some other software check if ~/.Xauthority is a
symlink in some cases, it is not as easily possible to use a symlink
pointing to e.g. ~/.restricted/.Xauthority or something.

On the other hand, I don't see a problem with having "system:anyuser
l" on $HOME and putting world readable files in $HOME/.readable
("system:anyuser" rl) and symlink them to the appropriate places.

Your $HOME should definitely *not* be world-readable in afs. There's
too much stuff in there that is intended to remain private.

Regards
Friedel
--
Friedrich Delgado Friedrichs <[EMAIL PROTECTED]>
Laziness led to the invention of the most useful tools.
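
Added example (not part of the original message): a shell check for the ACL layout proposed above, where system:anyuser holds only "l" on $HOME and "rl" on $HOME/.readable. It parses the output of fs listacl; the function names and the cell, path and user in the sample output are assumptions made up for illustration.

```shell
#!/bin/sh
# Reads `fs listacl <dir>` output on stdin and prints the rights that
# system:anyuser holds in the "Normal rights:" section ("none" if absent).
# Entries under "Negative rights:" are not grants and are ignored.
anyuser_rights() {
    awk '
        /^Normal rights:/   { sect = "normal"; next }
        /^Negative rights:/ { sect = "negative"; next }
        sect == "normal" && $1 == "system:anyuser" { r = $2 }
        END { print (r == "" ? "none" : r) }
    '
}

# check_acl <label> <private|readable> ; listacl output on stdin.
# private  : anyuser may hold at most "l" (lookup), as proposed for $HOME
# readable : anyuser is expected to hold "rl", as for $HOME/.readable
check_acl() {
    rights=$(anyuser_rights)
    case "$2:$rights" in
        private:none|private:l) echo "OK   $1 (anyuser: $rights)"; return 0 ;;
        readable:rl)            echo "OK   $1 (anyuser: $rights)"; return 0 ;;
        *)                      echo "WARN $1 (anyuser: $rights)"; return 1 ;;
    esac
}

# Constructed sample output (cell, path and user name are placeholders).
SAMPLE_HOME='Access list for /afs/example.org/user/alice is
Normal rights:
  system:administrators rlidwka
  system:anyuser l
  alice rlidwka'

SAMPLE_OPEN='Access list for /afs/example.org/user/alice is
Normal rights:
  system:anyuser rl
  alice rlidwka'

printf '%s\n' "$SAMPLE_HOME" | check_acl '$HOME' private
printf '%s\n' "$SAMPLE_OPEN" | check_acl '$HOME (too open)' private || true
printf '%s\n' "$SAMPLE_OPEN" | check_acl '$HOME/.readable' readable
# On a real AFS client: fs listacl "$HOME" | check_acl "$HOME" private
```

AFS ACLs apply per directory, so every file in a directory where system:anyuser holds "r" is readable, including a .Xauthority that appears there later.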
