On 06/09/2008, at 12:49 PM, jam wrote:
On Saturday 06 September 2008 09:44:12 [EMAIL PROTECTED] wrote:
I need to understand X authorization so if anybody can explain to a
bear of little brain :-)
Once-upon-a-time xhost + would allow anybody to write to your
display.
That is no longer true
What makes you think that? There have been some changes to X
security
over the years, but the fundamental mechanisms are still in place...
saturn is a CentOS 5 machine:
[eeyore] /home/jam [53]% ssh -X saturn xhost +
access control disabled, clients can connect from any host
[eeyore] /home/jam [54]% export DISPLAY=saturn:0 && xmessage hello
world
Error: Can't open display: saturn:0
argh. WRONG WRONG WRONG.
xhost also uses X protocol to modify the access control, so all your
first command did was disable access control in your client's X server
(on eeyore?, not on saturn).
The reason why xhost + doesn't seem to work on a lot of linux systems
is that TCP sessions are disabled by default in most deployments
(forcing you to use unix domain sockets), forcing you to use a X11
protocol forwarder (such as ssh) to get to the Xserver.
If security is not a concern, start the X server on saturn with -ac so
access control is disabled completely in that server rather than
trying to xhost it.
C.
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html