disable export:DISPLAY
Glynn Clements
glynn at gclements.plus.com
Mon Nov 2 20:49:40 PST 2009
stratton at telenet.be wrote:
> On multiseat/multi-users system there are multiple users logged in via
> gdm.Problem is that a user can start programs or take over a display
> from another user.How to prevent this?I have read about
> mit-magic-cookie but did not found a howto.
Use user-based ("xauth") access control rather than host-based ("xhost").
This should be the default if the server is started by a display
manager, unless you explicitly allow host-based access via xhost
(which you shouldn't do for a multi-user system).
I can't comment on GDM specifically (I don't use it, and the
documenation is silent on this issue), but it's possible that either
GDM or the default startup scripts perform the equivalent of
"xhost +local:" or "xhost +inet:localhost".
--
Glynn Clements <glynn at gclements.plus.com>
More information about the xorg
mailing list