Page last updated:
2005 Mar 21 12:49

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] xhost+: Why you should NEVER DO THAT

On Friday 18 March 2005 02:18, Karsten M. Self wrote:
> Mark Kim apparently insists on dispersing bad advice regarding use of
> xhost + to allow remote X11 access.
>

I agree that it's bad advice.

When a user needs that advice, he likely doesn't know the intricacies of X 
enough to know which situations are acceptable to use "xhost +" in, and which 
ones are not.

The user will probably end up thinking "x access problems? == xhost +!".

And this applies to other technical answers too. While it might be easier to 
say "oh just do it in the insecure way, you are safe in your circumstances", 
the user will likely remember the solution, and possibly offer it as advice to 
someone else without full understanding of the security implications.

Or perhaps someone else searching archives and thinking his problem might be 
similar. He tries "xhost +", and voila, it worked. Except he was sitting in a 
university lab with open xports. Boo.

Again, both of these scenarios are very undesirable.  So please avoid advice 
that can very easily be harmful to people.  Remember that there are archives 
that show up on Google, and different people are likely to have slightly 
different circumstances, and not everyone is fully aware of the security 
implications. (And even if the next email explains alternatives and 
implications, the user who has a problem is not going to bother reading it 
all, 95% of the time. Trust me.)

-- 
Dmitriy - LUGOD VP
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


