Linked by Thom Holwerda on Sat 24th Sep 2005 19:32 UTC, submitted by Disposable
Slackware, Slax "Writing a tips article is tricky. Especially for such a hallowed and 'hardcore' distribution as Slackware. Veteran users want incredibly good tips. New users considering giving Slack a whirl, and who may be afraid of the BSD-style and command line mystique, want tips that bring accessibility and understanding to Slackware. Find that balance here. From simple bash techniques, to assuring your anonymity on public Wi-Fi, this article will walk you through the Slackware tips most valuable to you."
Thread beginning with comment 35811
RE: dangerous suggestion: xhost +
by on Sat 24th Sep 2005 23:55 UTC in reply to "dangerous suggestion: xhost +"

You're right, perhaps too paranoid ;)
xhost also allows connection from a specific host, I think this would be better: xhost +`cat /etc/HOSTNAME`

Score: 0

Even if you are not paranoid, it doesn't mean they're not after you. ;-)

"xhost" is *definitely* a bad idea!

The wrong idea with "xhost" is that it is "hostbound", like rhosts and rsh/rlogin/...

This should not be used!

What's wrong with using *secure* tools?
"xauth" is more secure than "xhost" because it is "userbound" and "ssh -X root@localhost" is even more secure and even *more convenient*.
Please take a look at http://www.tldp.org/HOWTO/Remote-X-Apps.html

The big risk with "xhost" is that the machine doesn't have to authenticate itself, in contrast to userbound authentication.
*Every* user on an accepted machine can abuse the X-Server: nobody, root, crackerjack, whatever.
But why bother with being logged in: Let's rename my machine, so it is allowed to mess with the X-Server.
Doesn't work? Let's send forged packages, that will do...

Even "xhost +localhost" is a bad idea, because it opens a gaping security hole.

Use "xauth" or "ssh -X root@localhost". If you generate ssh keys you can even log into root *without* a password. This is *secure* (!) as long as you keep your private ssh key secure.
Though I don't recommend this, it is much better than using "xhost".

Score: 2
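
Added example, not part of either comment above: a POSIX shell check that reads the output of `xhost` (run with no arguments) and flags the host-bound grants the second comment warns about. It assumes the family-prefixed output of current xhost (`INET:`, `SI:localuser:`); the function name `audit_xhost` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the access list printed by `xhost` (no arguments).
# Reads xhost output on stdin, prints one finding per line, and returns
# non-zero if access control is off or any host-bound grant is present.
audit_xhost() {
    findings=0
    while IFS= read -r line; do
        case "$line" in
            "access control disabled"*)
                # Result of a bare `xhost +`
                echo "CRITICAL: access control is off: any host may connect"
                findings=$((findings + 1)) ;;
            "access control enabled"*)
                ;;  # status line only; the grants below still need checking
            SI:localuser:*)
                # Server-interpreted entry naming one local user (user-bound)
                echo "INFO: user-bound local grant: ${line#SI:localuser:}" ;;
            INET:*|INET6:*|LOCAL:*)
                # Host-bound: the X server accepts every user on that host
                echo "WARN: host-bound grant: $line"
                findings=$((findings + 1)) ;;
            "")
                ;;
            *)
                # Older xhost builds may print bare host names; treat as suspect
                echo "WARN: unrecognised entry, review by hand: $line"
                findings=$((findings + 1)) ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample of `xhost` output (not captured from a real system).
SAMPLE='access control enabled, only authorized clients can connect
INET:localhost
SI:localuser:alice'

printf '%s\n' "$SAMPLE" | audit_xhost \
    || echo "host-bound X access found: remove it with 'xhost -<name>' and use xauth or ssh -X"
```

On a live system the same function can be fed directly with `xhost | audit_xhost`.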