This is the mail archive of the cygwin-xfree@cygwin.com mailing list for the Cygwin XFree86 project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: security, cvs, was Re: interface bindings of x-server

From: Keith Packard <keithp at keithp dot com>
To: Dave Dodge <dododge at dododge dot net>
Cc: Alan Coopersmith <Alan dot Coopersmith at Sun dot COM>, "roland at webde" <devzero at web dot de>, Keith Whitwell <keith at tungstengraphics dot com>, Keith Packard <keithp at keithp dot com>, cygwin-xfree at cygwin dot com, xserver at pdx dot freedesktop dot org
Date: Wed, 19 Nov 2003 16:12:59 -0800
Subject: Re: security, cvs, was Re: interface bindings of x-server
Reply-to: cygwin-xfree at cygwin dot com

Around 18 o'clock on Nov 19, Dave Dodge wrote:

> [I realize xauth, or changing permissions on the unix socket, could
> probably solve this as well. But the localhost method is really,
> really easy :-]

When you say 'xhost +localhost' you're also granting permission for 
applications to connect throught the unix domain socket.  On a system with 
Unix domain sockets, it's hard to see a valid use for 127.0.0.1:6000.

This is in no way meant to disuade people from adding suitable options to 
configure which interfaces the (deprecated) IP listening sockets should 
bind to; I think that's a very useful idea.  I'm just trying to show that 
the need for any IP connections is even less than people imagine.

-keith

Follow-Ups:
- Re: security, cvs, was Re: interface bindings of x-server
  - From: Dave Dodge

References:
- Re: security, cvs, was Re: interface bindings of x-server
  - From: Dave Dodge

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]