Dear God No.
Authored by: ChrisMMF on Jan 14, '03 10:59:02AM

I realize that Mac users are not, historically, X11 users and it's mostly us refugee Unix geeks that have X11 experience, but this hint is flat out reckless.

What you've done is open a hole into your system and allow anyone anywhere to connect to it. The process they're connecting to runs as root. If there happened to be any type of security hole in the X11 server, absolute havoc could reign. Apple's X11, XDarwin, and the rest of the X11 servers for OS X are all based on the XFree project, and it's a reasonably well put together codebase, but it's HUGE. There's always the possibility for something to be missed. This is the same XFree that is used in every BSD and Linux distribution out there.

Moreover, you're also allowing anyone who wants to to display windows at random on your screen. That's what xhost + does. It would be less than trivial for me to write an X11 app that looked like the Apple Admin password requester and display it on your screen. You think pop up ads from your browser are bad?

Think that's the total problem? Nope. If I got XKey, and attached it to your server's port 6000, I could get a dump of ALL keystrokes and mouse movements into X11 apps. Writing a doc into OpenOffice? I've got it. Typing a password into some X11 app? Mine.

Does this mean you shouldn't remote display X11 apps? Absolutely not. Once you use it, you'll find how incredibly useful it is.

What you do is open the firewall, but don't use xhost +. For xhost, + is a wildcard. It means that any host, anywhere, can connect and display.

Instead, use xhost some.host.name, or xhost x.x.x.x with an IP. This allows only that single host to send windows, and is much safer.



Re: Dear God No.
Authored by: ChrisMMF on Jan 14, '03 11:13:17AM

Yes, I did notice the warning at the bottom of the story about controlling this, but it wasn't a strong enough warning. You should never, never need xhost +. xhost with a hostname or IP should ALWAYS be your default.



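Added example, not part of the thread or written by any poster: a small shell check for the state the two comments above warn about. It reads the text that `xhost` prints when run with no arguments and reports whether access control is off (what `xhost +` leaves behind) or restricted to listed entries; the function name `audit_xhost` and the sample input are constructed for illustration.

```sh
#!/bin/sh
# audit_xhost: read the output of `xhost` (no arguments) on stdin.
# Return codes:
#   0 = access control enabled, only the listed entries may connect
#   1 = access control disabled, i.e. the wildcard state left by `xhost +`
#   2 = input was not recognised as xhost output
audit_xhost() {
    status=2
    entries=""
    while IFS= read -r line; do
        case "$line" in
            "access control disabled"*) status=1 ;;
            "access control enabled"*)  status=0 ;;
            "") ;;                                  # skip blank lines
            *) entries="$entries $line" ;;          # e.g. INET:some.host.name
        esac
    done
    case "$status" in
        1) echo "OPEN: any host can connect; run 'xhost -' and add hosts by name" ;;
        0) echo "RESTRICTED: allowed entries:${entries:- (none)}" ;;
        *) echo "UNKNOWN: input is not xhost output" ;;
    esac
    return "$status"
}

# Constructed sample of what xhost prints after `xhost +` has been run.
# On a real system, pipe the live output instead: xhost | audit_xhost
printf 'access control disabled, clients can connect from any host\n' \
    | audit_xhost || true
```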
Thanks!
Authored by: robg on Jan 14, '03 11:18:36AM

Sometimes in my rush to get through everything, I don't catch all that I should. I should have added more details here ... sorry!

-rob.


