disable export:DISPLAY

stratton stratton at telenet.be
Tue Nov 3 01:47:14 PST 2009


On Tuesday 03 November 2009 10:03:46 walter harms wrote:
> Glynn Clements wrote:
> > stratton at telenet.be wrote:
> >> On a multiseat/multi-user system there are multiple users logged in via
> >> gdm. The problem is that a user can start programs or take over a display
> >> from another user. How to prevent this? I have read about
> >> mit-magic-cookie but did not find a howto.
> >
> > Use user-based ("xauth") access control rather than host-based ("xhost").
> >
> > This should be the default if the server is started by a display
> > manager, unless you explicitly allow host-based access via xhost
> > (which you shouldn't do for a multi-user system).
> >
> > I can't comment on GDM specifically (I don't use it, and the
> > documentation is silent on this issue), but it's possible that either
> > GDM or the default startup scripts perform the equivalent of
> > "xhost +local:" or "xhost +inet:localhost".
>
> I do not understand the problem. How do you connect to the server?
> Normally each user should have a separate session, or does every user use
> the same login?
>
> The easiest way is to use "X :0 -query server" and become an
> X11 terminal. The other way is to log in using ssh -X host and export the
> gfx.
>
> re,
>  wh

It is one computer where several users are logged in with gdm. Every user
gets a mit-magic-cookie in his xauthority file.
But one user can still start programs such as xterm on another user's display
with, for example: DISPLAY=2.0 xterm
How to prevent this?
I tried to generate a magic cookie for the display 2.0 untrusted but still
can start programs from, for example, display 1.0 on display 2.0.
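
An added example, not part of the original thread: a shell check for the host-based entries ("xhost +local:", "xhost +inet:localhost") that the reply above suspects GDM or the startup scripts may add, since such entries let clients connect without the cookie. The function name audit_xhost, the user name alice and the sample xhost output are constructed for illustration.

```shell
#!/bin/sh
# Added example. audit_xhost OWNER reads `xhost` output on stdin, prints one
# line per entry that bypasses MIT-MAGIC-COOKIE-1 checks, and returns 1 if
# any such entry exists (0 if only cookie holders and OWNER can connect).
audit_xhost() {
    owner=$1
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ""|"access control enabled"*) ;;
            "access control disabled"*)
                echo "CRITICAL: access control disabled, any client can connect"
                rc=1 ;;
            "SI:localuser:$owner") ;;   # the session owner, expected
            SI:localuser:*)
                echo "RISK: $line grants another local account access"
                rc=1 ;;
            LOCAL:*|local:*)
                echo "RISK: $line lets every local user connect without a cookie"
                rc=1 ;;
            INET:*|INET6:*|inet:*|inet6:*)
                echo "RISK: $line trusts every user on that host"
                rc=1 ;;
            *)
                echo "REVIEW: unrecognised entry: $line"
                rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample: what `xhost` might print on alice's display if a
# startup script had run "xhost +local:". On a live system, run as the
# display owner:  xhost | audit_xhost "$USER"
audit_xhost alice <<'EOF' || true
access control enabled, only authorized clients can connect
SI:localuser:alice
LOCAL:
EOF
```

Entries it reports can be dropped with xhost's minus form (for example "xhost -local:"), after which only clients presenting the cookie from the owner's xauthority file are accepted.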


