From owner-freebsd-questions Thu Feb 24 18:36:50 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from sprout.cgf.net (adsl-207-215-8-122.dsl.snfc21.pacbell.net [207.215.8.122])
	by hub.freebsd.org (Postfix) with ESMTP id D9F0937BD7F;
	Thu, 24 Feb 2000 18:36:46 -0800 (PST)
	(envelope-from tomb@cgf.net)
Received: from cgf.net (localhost.cgf.net [127.0.0.1])
	by sprout.cgf.net (8.9.3/8.9.3) with ESMTP id SAA02074;
	Thu, 24 Feb 2000 18:36:50 -0800 (PST)
	(envelope-from tomb@cgf.net)
Message-ID: <38B5EAC2.5063CC6@cgf.net>
Date: Thu, 24 Feb 2000 18:36:50 -0800
From: tom brown
Organization: Badger Baisters (We do it with Lard)
X-Mailer: Mozilla 4.61 [en] (X11; U; FreeBSD 3.4-STABLE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: "A. Rakukin"
Cc: freebsd-questions@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: X authorization
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

"A. Rakukin" wrote:

> Hi to all,
>
> Would be grateful for help or explanation. I used to think that by default
> nobody can run anything on my display. But now I revealed that it is enough
> to export DISPLAY on remote host to access my xserver. 'xhost' on the server
> (that has been accessed) says that
>
> access control enabled, only authorized clients can connect
>
> and nothing more. What is the possible source of the problem?
> I have not customized any authorization mechanisms...
> I run FreeBSD 3.4.
>
> Thank you,
> Alex
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

If you are really bothered by this you could apply IPFW filters to ports
between 6000-6100 to prevent any connection to the X system. I think that
there is also a Kerberos token based scheme of authentication. I've never
used it but details are at: http://www.xfree86.org

If you want to know more about the vulnerabilities of X:
http://packetstorm.securify.com/opensec-exploits/exploits/netapps/x-win/

Tom
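
One way to act on the IPFW suggestion in the reply above, as an added example that is not part of the original message: it checks `netstat -an` output for X servers listening on TCP 6000-6100 and prints matching ipfw rules. The function names, the rule numbers, the `lo0` exception and the sample netstat lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message.
# Reads FreeBSD-style `netstat -an` output, reports X servers listening on
# TCP 6000-6100, then prints ipfw rules that block remote access to that range.

# Print each listening TCP port in 6000-6100 found on stdin, one per line.
x11_listeners() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" {
             n = split($4, a, "[.]")   # local address is "addr.port"
             p = a[n] + 0
             if (p >= 6000 && p <= 6100) print p
         }' | sort -n -u
}

# Print the ipfw commands. $1 = first rule number (assumed to be free, and
# lower than any broader allow rule in the existing rule set).
# lo0 stays open for local TCP clients; DISPLAY=:0 clients use a UNIX-domain
# socket and are not affected by these rules at all.
x11_ipfw_rules() {
    base=${1:-1000}
    echo "ipfw add $base allow tcp from any to any 6000-6100 via lo0"
    echo "ipfw add $((base + 10)) deny tcp from any to any 6000-6100 in"
}

# Constructed sample input, in the layout FreeBSD `netstat -an` prints.
SAMPLE_NETSTAT='tcp4       0      0  *.6000                 *.*                    LISTEN
tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  10.0.0.5.6001          10.0.0.9.1033          ESTABLISHED
tcp4       0      0  *.6010                 *.*                    LISTEN
udp4       0      0  *.6000                 *.*'

# With --live, inspect this host; otherwise run on the constructed sample.
if [ "${1:-}" = "--live" ]; then
    ports=$(netstat -an | x11_listeners)
else
    ports=$(printf '%s\n' "$SAMPLE_NETSTAT" | x11_listeners)
fi

if [ -n "$ports" ]; then
    echo "X11 TCP listeners on ports:" $ports
    echo "Rules to block remote connections:"
    x11_ipfw_rules 1000
else
    echo "No TCP listeners found in 6000-6100."
fi
```

The script only prints the rules; review them against the existing rule set before loading them as root.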