From owner-freebsd-questions Thu Feb 24 11:57:36 2000 Delivered-To: freebsd-questions@freebsd.org Received: from apollo.backplane.com (apollo.backplane.com [216.240.41.2]) by hub.freebsd.org (Postfix) with ESMTP id EB8E937C38A; Thu, 24 Feb 2000 11:57:29 -0800 (PST) (envelope-from dillon@apollo.backplane.com) Received: (from dillon@localhost) by apollo.backplane.com (8.9.3/8.9.1) id LAA41772; Thu, 24 Feb 2000 11:57:15 -0800 (PST) (envelope-from dillon) Date: Thu, 24 Feb 2000 11:57:15 -0800 (PST) From: Matthew Dillon Message-Id: <200002241957.LAA41772@apollo.backplane.com> To: "A. Rakukin" Cc: freebsd-questions@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: X authorization References: Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG :Hi to all, : :Would be grateful for help or explanation. I used to think that by default :nobody can run anything on my display. But now I revealed that it is enough :to export DISPLAY on remote host to access my xserver. 'xhost' on the server :(that has been accessed) says that : :access control enabled, only authorized clients can connect : :and nothing more. What is the possible source of the problem? :I have not customized any authorization mechanisms... :I run FreeBSD 3.4. : :Thank you, :Alex I'll bet you are using ssh. Your assumptions as to 'xhost' are correct. Just setting DISPLAY on machine B to point to machine A will not give machine B access to machine A's X display. Machine A must give machine B access, typically through the 'xhost' command. However, some programs will tunnel X sessions automatically. ssh is one of these. If you are sitting on machine A and you ssh to machine B, you will then be able to run X binaries on machine B and have them show up on machine A's display. The X protocol will run through the 'secure' ssh session. I don't know many people who do this, at least not between two local machines sitting on the same LAN, because running an X client through an encrypted ssh session tends to really slow down the client. -Matt Matthew Dillon To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message