On Tue, Sep 18, 2007 at 08:01:43AM -0400, Damon Register wrote:
> Rasmus Plewe wrote:
>> If your local host is accepting this you have security holes you can
> I forgot that in my case all of this was between local computers inside
> the company network
The security concept of "I got a firewall, so I can open any hole I want
to on my computer" is, admittedly, often exercised, but nevertheless not
the recommended standard. ;-)
>> drive a truck through. But please, tell me the IP of your local machine,
> Now you have got me curious. I am often interested in learning. Can
> you please explain why?
In order for something like "DISPLAY=host:0.0" to work, you need to
grant remote, unauthenticated access to your X server (through something
like "xhost +"). That is something the X server was not designed to
handle securely. Think "keystroke logging" e.g..
>> so that I can send you embarrassing pictures on your screen when your
>> boss is standing behind you... ;-)
> Wait, let me go get my boss :-)
Then I would need the contact information of a coworker of yours inside
your firewall who might like to participate.
Seriously: lowering security for no good reason is never a good idea.
Even if it does not hurt immediately, it at least erodes people's
awareness of the importance of security[0]. You can get around your
problem by using ssh's X forwarding capabilities (-X or -Y), so there is
no need to open up your display.
In this case, the secure solution is also the more convenient one,
something that is rather rare. You should take advantage of it! :-)
Regards,
Rasmus
[0] Security risk #1: Administrator
Security risk #2: User
Security risk #3: OS
You may swap #1 and #2.
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
