About xhost security policies

danielsforummail danielsforummail at terra.com.br
Sat Jan 6 06:56:52 PST 2007


I am doing maintenance on a Java application that acts like a X client. This java application connects to the X
server over a TCP socket at 

In order to have the X server accept the connection from my Java application, I discovered that first I have to
enable TCP connections (for example, by editing the fdm.conf file) and then run "xhost + localhost".

It is not clear why I have to run "xhost + localhost". If I set DISPLAY= and run xeyes, it appears
on my display _without_ need of "xhost + localhost". But running xeyes as another user on the same machine
requires again "xhost + localhost".

Asking netstat about the TCP connections, I discovered that they are similar for xeyes and the java app. I
suppose that the security verification checks the socket address and something else that I cannot figure out.

Is there some documentation or specification available online about the xhost authentication policy? Or does
someone have deeper knowledge about? 

I have already tried googling around or searching the forums. Many people tell to run "xhost + localhost" or
simply "xhost +" because it works, but do not explain why, and I am very curious about and would appreciate
learning more about.

Best regards,

More information about the xorg mailing list