Lo, on Monday, February 26, Ethan Benson did write:
> On Tue, Feb 27, 2001 at 06:05:03AM +0800, #KUNDAN KUMAR# wrote:
> > Are you using su to run the xcnofig? If that is the case, try running "xhost
> > +" inside the termianal. Then run su and do the kernel compilation...
> > let's see if it works.. just a guess..
>
> don't do that, that disables ALL X security and lets any bozo on your
> network or the internet to connect to and snoop your entire X
> session. never do that unless you are not connected to ANY NETWORK!
>
> in short xhost + is a HUGE SECURITY HOLE
Absolutely. Two options which are much better:
1) xhost +foo
where foo is your local hostname. Still not ideal, as this allows
anyone who can log on to your machine full access to the X server, as
Ethan described above.
2) xauth merge ~bar/.Xauthority
where `bar' is the user who started X (or logged in at the *dm
window). This is the best situation, as it only allows the user who
runs xauth access.
Richard
