l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
January 6: Social gathering
Next Installfest:
TBD
Latest News:
Nov. 18: Club officer elections
Page last updated:
2005 Mar 21 18:03

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] xhost+: Why you should NEVER DO THAT
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] xhost+: Why you should NEVER DO THAT



I really wanted to get off of this topic but I will defend myself.  Did
anyone read my original post?:

[snip]
>    $xhost +
>
> *but* this will work only if your local computer is connected directly to
> the Internet.
>
> The better way is to use ssh with the -X option to connect to the remote
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> computer in the first place.  Not only does ssh setup the X forwarding for
> you automatically (not need to do "export blah blah" or "xhost blah blah"
> or be concerned about not being connected directly to the Internet), but
> your connection will be secure.
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[snip]

The reason I mentioned xhost is because that's the direction John was
headed in his original attempted solution.  Then I mentioned ssh because
it is what he *should* use.  Perhaps I should have emphasized security
more, but I resent the notion that I gave a bad advice.

Since we discussed this topic to death I'd like to ask that this thread be
stopped at this point.

-Mark


On Mon, 21 Mar 2005, Dmitriy wrote:

> On Friday 18 March 2005 02:18, Karsten M. Self wrote:
> > Mark Kim apparently insists on dispersing bad advice regarding use of
> > xhost + to allow remote X11 access.
> >
>
> I agree that it's a bad advice.
>
> When user needs that advice, he likely doesn't know intricacies of X enough to
> know which situations are acceptable to use "xhost +" in, and and which ones
> are not.
>
> User will probably end up thinking "x access problems? == xhot +!".
>
> And this applies to other technical answers too. While it might be easier to
> say "oh just do it in the insecure way, you are safe in your circumstances",
> user will likely remember solution, and possibly offer it as advice to
> someone else without full understanding of security implications.
>
> Or perhaps someone else searching archives and thinking his problem might be
> similar. He tries "xhost +", and voila, it worked. Except he was sitting in a
> university lab with open xports. Boo.
>
> Again, both of this scenarios are very undesirable.  So please avoid advice
> that can very easily be harmful to people.  Remember that there are archives
> that show up on google, and different people are likely to have slightly
> different circumstance, and not everyone is fully aware of security
> implications. (And even if next email explains alternatives and implications,
> user who has a problem is not going to bother reading it all, 95% of the
> time. Trust me)
>
> --
> Dmitriy - LUGOD VP
> _______________________________________________
> vox-tech mailing list
> vox-tech@lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox-tech
>

-- 
Mark K. Kim
AIM: markus kimius
Homepage: http://www.cbreak.org/
Xanga: http://www.xanga.com/vindaci
Friendster: http://www.friendster.com/user.php?uid=13046
PGP key fingerprint: 7324 BACA 53AD E504 A76E  5167 6822 94F0 F298 5DCE
PGP key available on the homepage
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Sunset Systems
Who graciously hosts our website & mailing lists!