This is the mail archive of the
cygwin-xfree@cygwin.com
mailing list for the Cygwin XFree86 project.
Re: security, cvs, was Re: interface bindings of x-server
- From: Keith Packard <keithp at keithp dot com>
- To: Dave Dodge <dododge at dododge dot net>
- Cc: Alan Coopersmith <Alan dot Coopersmith at Sun dot COM>, "roland at webde" <devzero at web dot de>, Keith Whitwell <keith at tungstengraphics dot com>, Keith Packard <keithp at keithp dot com>, cygwin-xfree at cygwin dot com, xserver at pdx dot freedesktop dot org
- Date: Wed, 19 Nov 2003 16:12:59 -0800
- Subject: Re: security, cvs, was Re: interface bindings of x-server
- Reply-to: cygwin-xfree at cygwin dot com
Around 18 o'clock on Nov 19, Dave Dodge wrote:
> [I realize xauth, or changing permissions on the unix socket, could
> probably solve this as well. But the localhost method is really,
> really easy :-]
When you say 'xhost +localhost' you're also granting permission for
applications to connect throught the unix domain socket. On a system with
Unix domain sockets, it's hard to see a valid use for 127.0.0.1:6000.
This is in no way meant to disuade people from adding suitable options to
configure which interfaces the (deprecated) IP listening sockets should
bind to; I think that's a very useful idea. I'm just trying to show that
the need for any IP connections is even less than people imagine.
-keith