Date: Wed, 2 Feb 2005 20:00:31 -0500 From: Louis LeBlanc <FreeBSD@keyslapper.net> To: freebsd-questions@freebsd.org Subject: Re: xhost +localhost Message-ID: <20050203010031.GC24792@keyslapper.net> In-Reply-To: <ef60af0905020216106024d750@mail.gmail.com> References: <ef60af09050202095829be3b6f@mail.gmail.com> <20050202210526.GC77499@keyslapper.net> <42014E0A.5070003@mac.com> <20050202221851.GE77499@keyslapper.net> <ef60af09050202143655b26622@mail.gmail.com> <20050202224322.GF77499@keyslapper.net> <ef60af0905020215055e07b83e@mail.gmail.com> <20050202234814.GA24792@keyslapper.net> <ef60af0905020216106024d750@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--ghzN8eJ9Qlbqn3iT Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 02/03/05 01:10 AM, Gert Cuykens sat at the `puter and typed: > > I assume this refers to the root window. Surely you're not logged > > into X as root. >=20 > no i am just logged as a user into X and my user name is the same as > root :) Lets call it the user root window. >=20 > > Try this: > > check your DISPLAY environment variable with > > echo $DISPLAY > > make sure it's ':0.0' or something similar, like <hostname>:0.0, then > > run this: > > /usr/X11R6/bin/xscreensaver -display $DISPLAY & > >=20 > > That should do what you're trying to do. > >=20 > > Lou > > -- >=20 > I# /usr/X11R6/bin/xscreensaver -display $DISPLAY > xscreensaver: 01:02:41: locking is disabled (running as nobody). > xscreensaver: 01:02:41: locking only works when xscreensaver is launched > by a normal, non-privileged user (e.g., not "root".) > See the manual for details. >=20 > man the xscreensaver thingie isnt kidding about it... That's your whole problem. It is widely considered a Very Bad Thing to log into X as root. Xscreensaver refuses to run there because it calls external programs, which it gives free reign within it's access limitations. If xscreensaver were running as root, these extermal programs would therefore run as root, and should any of them be written with certain malicious, or even just errant code, your secure box could do anything from implode due to a bad disk access in the boot sector, to hang it's kiester right out the internet for all to see and poke and prod. And they WILL poke and prod. xscreensaver is the only such program that comes to mind that tries to protect you in this way, but think of all the other programs you run: your wm, all those utilities, the calculator, and the list goes on. Not all of these are part of the OS, most are "contrib" code, which means they were written by people outside the official team for whatever project you got it with. That doesn't mean it's not good code, most of it is excellent at the very least, but it doesn't always have the same rigorous testing cycle, and it is almost NEVER written to run as root. And a process intended to run as root DOES get structured differently. I *VERY* strongly recommend you create a real user, call it gert or cuykens, or the name of your box, or whatever you want and DON'T add it to every group and give it admin privileges. Using root for anything but administrative use or accessing restricted resources is a huge security hole. Cheers. Lou --=20 Louis LeBlanc FreeBSD-at-keyslapper-DOT-net Fully Funded Hobbyist, KeySlapper Extrordinaire :) Key fingerprint =3D C5E7 4762 F071 CE3B ED51 4FB8 AF85 A2FE 80C8 D9A2 Secretary's Revenge: Filing almost everything under "the". --ghzN8eJ9Qlbqn3iT Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) iD8DBQFCAXevr4Wi/oDI2aIRAphcAJ43bwc9FfbFsrCCrWDWYNwjp0s9nwCeL+Lj 3Z+FKRZjEivcx+wIxXTHOks= =xn6a -----END PGP SIGNATURE----- --ghzN8eJ9Qlbqn3iT--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050203010031.GC24792>