disable export:DISPLAY
stratton
stratton at telenet.be
Tue Nov 3 01:47:14 PST 2009
On Tuesday 03 November 2009 10:03:46 walter harms wrote:
> Glynn Clements schrieb:
> > stratton at telenet.be wrote:
> >> On multiseat/multi-users system there are multiple users logged in via
> >> gdm.Problem is that a user can start programs or take over a display
> >> from another user.How to prevent this?I have read about
> >> mit-magic-cookie but did not found a howto.
> >
> > Use user-based ("xauth") access control rather than host-based ("xhost").
> >
> > This should be the default if the server is started by a display
> > manager, unless you explicitly allow host-based access via xhost
> > (which you shouldn't do for a multi-user system).
> >
> > I can't comment on GDM specifically (I don't use it, and the
> > documenation is silent on this issue), but it's possible that either
> > GDM or the default startup scripts perform the equivalent of
> > "xhost +local:" or "xhost +inet:localhost".
>
> i do not understand the problem. how do you connect to the server ?
> Normaly each user should have a separate session or uses every user the
> same login ?
>
> the most easy way is to use "X :0 -query server" and become an
> X11-Terminal. The other way is the login using ssh -X host and export the
> gfx.
>
> re,
> wh
>
>
>
> _______________________________________________
> xorg mailing list
> xorg at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/xorg
It is one computer where several users are logged in with gdm.Every users
get's a mit-magic-cookie in his xauthority file.
But one user can still starts programs as xterm on another users'display with
for example:DISPLAY=2.0 xterm
how to prevent this?
I tried to generate an magic cookie for the display 2.0 untrusted but still
can start prigrams from for example display 1.0 on display 2.0.
More information about the xorg
mailing list