On Thu, Oct 06, 2005 at 10:06:50AM +1000, Drew Parsons wrote: > Not useless, only if there's a local user vindictive enough to cause > this sort of disruption. I have in mind the usual setup on a univerity, school or workplace. It is common to have some malicious users between them. I did not found usernames in the log, so a system administrator has no way to find the user who 'broke' Xprt.
> I'm not sure how enthusiastic some systems would be to have an Xprt > instance running for every single user, however. It's not what it's > generally intended for. Xprt and X can be started at anytime by a user and they can continue running after the user leaves. This is a problem the system adminstrators have already. I don't think it is strange to make Xprt synchronize with X startup, faking the one server setup we will probably get someday in the future. But I admit that it would be better to run a single deamon. I saw in the man page of Xsecurity that there are a lot of different authetication methods in Xprt. It looks like MIT-MAGIC-COOKIE-1 is usefull: "This system is useful in an environment where many users are running applications on the same machine and want to avoid interference from each other, with the caveat that this control is only as good as the access control to the physical network." It is running in no-listen mode anyway. When a user has a cookie he cannot be excluded by other users. Giving the cookie can be done together with setting the environment or something like that. Please note that I have no experience with security of X servers, so I might be way of... :-D Regards, Christof -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

