disable export:DISPLAY


by startton

On a multiseat/multi-user system there are multiple users logged in via gdm. The problem is that a user can start programs or take over a display from another user. How to prevent this? I have read about mit-magic-cookie but did not find a howto.


_______________________________________________
xorg mailing list
xorg@...
http://lists.freedesktop.org/mailman/listinfo/xorg

Re: disable export:DISPLAY

by Glynn Clements


stratton@... wrote:

> On a multiseat/multi-user system there are multiple users logged in via
> gdm. The problem is that a user can start programs or take over a display
> from another user. How to prevent this? I have read about
> mit-magic-cookie but did not find a howto.

Use user-based ("xauth") access control rather than host-based ("xhost").

This should be the default if the server is started by a display
manager, unless you explicitly allow host-based access via xhost
(which you shouldn't do for a multi-user system).

I can't comment on GDM specifically (I don't use it, and the
documentation is silent on this issue), but it's possible that either
GDM or the default startup scripts perform the equivalent of
"xhost +local:" or "xhost +inet:localhost".

--
Glynn Clements <glynn@...>
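
Added example, not part of the original post and not X.Org or GDM code: a small audit of `xhost` output that flags the host-based grants named above ("xhost +local:", "xhost +inet:localhost"), which let clients connect without a cookie. The function name `audit_xhost` and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Classify the lines printed by `xhost` (run with no arguments) on a
# multi-user host. Reads that output on stdin, prints one finding per
# entry of interest, and returns 0 only if no host-based grant is present.
# On a live seat (assumption: you may connect to it): DISPLAY=:0 xhost | audit_xhost
audit_xhost() {
    risky=0
    while IFS= read -r line; do
        case "$line" in
            "access control disabled"*)
                echo "CRITICAL: access control is off, any client may connect"
                risky=1 ;;
            "access control enabled"*)
                ;;  # normal header line
            LOCAL:*)
                echo "RISK: every local user may connect without a cookie ($line)"
                risky=1 ;;
            SI:localuser:*)
                echo "INFO: grant limited to one local user ($line)" ;;
            INET:*|INET6:*|DNET:*|NIS:*|KRB:*)
                echo "RISK: host-based grant ($line)"
                risky=1 ;;
            "")
                ;;
            *)
                echo "REVIEW: unrecognised entry ($line)"
                risky=1 ;;
        esac
    done
    return "$risky"
}

# Constructed sample outputs (not captured from a real system).
SAMPLE_OPEN='access control enabled, only authorized clients can connect
LOCAL:
INET:localhost
SI:localuser:gdm'
SAMPLE_COOKIE_ONLY='access control enabled, only authorized clients can connect
SI:localuser:gdm'

printf '%s\n' "$SAMPLE_OPEN" | audit_xhost \
    || echo "=> host-based access is open; remove it with xhost -local: / xhost -inet:localhost"
printf '%s\n' "$SAMPLE_COOKIE_ONLY" | audit_xhost \
    && echo "=> no host-based grants; clients need the cookie from the user's Xauthority file"
```
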

Re: disable export:DISPLAY

by walter harms-2



Glynn Clements wrote:

> stratton@... wrote:
>
>> On a multiseat/multi-user system there are multiple users logged in via
>> gdm. The problem is that a user can start programs or take over a display
>> from another user. How to prevent this? I have read about
>> mit-magic-cookie but did not find a howto.
>
> Use user-based ("xauth") access control rather than host-based ("xhost").
>
> This should be the default if the server is started by a display
> manager, unless you explicitly allow host-based access via xhost
> (which you shouldn't do for a multi-user system).
>
> I can't comment on GDM specifically (I don't use it, and the
> documentation is silent on this issue), but it's possible that either
> GDM or the default startup scripts perform the equivalent of
> "xhost +local:" or "xhost +inet:localhost".
>

I do not understand the problem. How do you connect to the server?
Normally each user should have a separate session, or does every user use the
same login?

The easiest way is to use "X :0 -query server" and become an X11-Terminal.
The other way is to log in using ssh -X host and export the gfx.

re,
 wh




Re: disable export:DISPLAY

by startton

On Tuesday 03 November 2009 10:03:46 walter harms wrote:

> Glynn Clements wrote:
> > stratton@... wrote:
> >> On a multiseat/multi-user system there are multiple users logged in via
> >> gdm. The problem is that a user can start programs or take over a display
> >> from another user. How to prevent this? I have read about
> >> mit-magic-cookie but did not find a howto.
> >
> > Use user-based ("xauth") access control rather than host-based ("xhost").
> >
> > This should be the default if the server is started by a display
> > manager, unless you explicitly allow host-based access via xhost
> > (which you shouldn't do for a multi-user system).
> >
> > I can't comment on GDM specifically (I don't use it, and the
> > documentation is silent on this issue), but it's possible that either
> > GDM or the default startup scripts perform the equivalent of
> > "xhost +local:" or "xhost +inet:localhost".
>
> I do not understand the problem. How do you connect to the server?
> Normally each user should have a separate session, or does every user use the
> same login?
>
> The easiest way is to use "X :0 -query server" and become an
> X11-Terminal. The other way is to log in using ssh -X host and export the
> gfx.
>
> re,
>  wh

It is one computer where several users are logged in with gdm. Every user
gets a mit-magic-cookie in his xauthority file.
But one user can still start programs such as xterm on another user's display with,
for example: DISPLAY=2.0 xterm
How to prevent this?
I tried to generate a magic cookie for the display 2.0 untrusted but can still
start programs from, for example, display 1.0 on display 2.0.