Re: Root SSH permitted by default (was: how does root run a graphical prog)

2002-05-22 Thread Jamin W . Collins
On Wed, 22 May 2002 14:40:15 -0700 "Vineet Kumar" <[EMAIL PROTECTED]> wrote: > * Michael D. Schleif ([EMAIL PROTECTED]) [020521 12:10]: > > Here's my lack of understanding: > > > > [a] ssh [EMAIL PROTECTED] requires cracking only one (1) string: > > [1] root's password > > > > [b] ssh [EMAIL

Re: Root SSH permitted by default (was: how does root run a graphical prog)

2002-05-22 Thread Michael D. Schleif
Vineet Kumar wrote: > > * Michael D. Schleif ([EMAIL PROTECTED]) [020521 12:10]: > > Here's my lack of understanding: > > > > [a] ssh [EMAIL PROTECTED] requires cracking only one (1) string: > > [1] root's password > > > > [b] ssh [EMAIL PROTECTED] requires cracking three (3) separate > > str

Re: Root SSH permitted by default (was: how does root run a graphical prog)

2002-05-22 Thread Vineet Kumar
* Michael D. Schleif ([EMAIL PROTECTED]) [020521 12:10]: > Here's my lack of understanding: > > [a] ssh [EMAIL PROTECTED] requires cracking only one (1) string: > [1] root's password > > [b] ssh [EMAIL PROTECTED] requires cracking three (3) separate > strings: > [1] mortal_user's username

Re: how does root run a graphical prog

2002-05-22 Thread Karsten M. Self
on Tue, May 21, 2002, Rogerio Acquadro ([EMAIL PROTECTED]) wrote: > > hi, > > > > How come root can not run a graphical program under other user > > session. Let say, I do 'su' and I try to launch gkrellm. Xterm will > > produce this message: > > > > Xlib: connection to ":0.0" refused by server >

Re: how does root run a graphical prog

2002-05-22 Thread Karsten M. Self
on Mon, May 20, 2002, Vineet Kumar ([EMAIL PROTECTED]) wrote: > * Dave Sherohman ([EMAIL PROTECTED]) [020520 10:49]: > > On Mon, May 20, 2002 at 06:39:22PM +0200, Kristian Rink wrote: > > > Something like 'xhost +' basically should > > > allow anyone (on your system) to connect to X hence to displa

Re: Root SSH permitted by default (was: how does root run a graphical prog)

2002-05-21 Thread Jamin W . Collins
On Tue, 21 May 2002 20:50:57 +0100 "Colin Watson" <[EMAIL PROTECTED]> wrote: > Somebody who's allowed to run processes as you can, e.g., hijack your X > display and install a keystroke logger. Correct. However, this is still an extra step for the would-be cracker. Security is all about layering

Re: Root SSH permitted by default (was: how does root run a graphical prog)

2002-05-21 Thread Colin Watson
On Tue, May 21, 2002 at 01:55:24PM -0500, Dave Sherohman wrote: > On Tue, May 21, 2002 at 07:44:10PM +0100, Colin Watson wrote: > > Do you check for processes running under your uid every time you run su? > > There's (obviously) something I'm still missing here... Why is that > relevant? Somebod

Re: Root SSH permitted by default (was: how does root run a graphical prog)

2002-05-21 Thread Hans Ekbrand
On Tue, May 21, 2002 at 01:55:24PM -0500, Dave Sherohman wrote: > On Tue, May 21, 2002 at 07:44:10PM +0100, Colin Watson wrote: > > Do you check for processes running under your uid every time you run su? > > There's (obviously) something I'm still missing here... Why is that > relevant? su only

Re: Root SSH permitted by default (was: how does root run a graphical prog)

2002-05-21 Thread Michael D. Schleif
Colin Watson wrote: > > On Mon, May 20, 2002 at 01:37:49PM -0500, Jamin W. Collins wrote: > > On Mon, 20 May 2002 19:01:50 +0100 > > "Colin Watson" <[EMAIL PROTECTED]> wrote: > > > Not in woody and sid, at least. See the paragraphs in > > > /usr/share/doc/ssh/README.Debian headed "PermitRootLogin

Re: Root SSH permitted by default (was: how does root run a graphical prog)

2002-05-21 Thread Dave Sherohman
On Tue, May 21, 2002 at 08:54:15PM +0200, Hans Ekbrand wrote: > On Tue, May 21, 2002 at 07:44:10PM +0100, Colin Watson wrote: > > > How so? Regularly sudo'ing, sure, since that uses the user's password > > > as a (hopefully limited) root password. > > On the contrary, since sudo'ing does not req

Re: Root SSH permitted by default (was: how does root run a graphical prog)

2002-05-21 Thread Dave Sherohman
On Tue, May 21, 2002 at 07:44:10PM +0100, Colin Watson wrote: > Do you check for processes running under your uid every time you run su? There's (obviously) something I'm still missing here... Why is that relevant? su only raises the privileges of a single session, as can be readily observed by

Re: Root SSH permitted by default (was: how does root run a graphical prog)

2002-05-21 Thread Hans Ekbrand
On Tue, May 21, 2002 at 07:44:10PM +0100, Colin Watson wrote: > On Tue, May 21, 2002 at 01:23:20PM -0500, Dave Sherohman wrote: > > On Mon, May 20, 2002 at 08:26:11PM +0100, Colin Watson wrote: > > > Like the document says, regularly su'ing to root from an account makes > > > compromising that acco

Re: Root SSH permitted by default (was: how does root run a graphical prog)

2002-05-21 Thread Colin Watson
On Tue, May 21, 2002 at 01:23:20PM -0500, Dave Sherohman wrote: > On Mon, May 20, 2002 at 08:26:11PM +0100, Colin Watson wrote: > > Like the document says, regularly su'ing to root from an account makes > > compromising that account essentially equivalent to compromising root > > anyway. > > How s

Re: how does root run a graphical prog

2002-05-21 Thread Dave Sherohman
On Mon, May 20, 2002 at 11:29:14AM -0700, Vineet Kumar wrote: > * Dave Sherohman ([EMAIL PROTECTED]) [020520 10:49]: > > If you MUST use xhost, use 'xhost + localhost'. But using xauth or > > XAUTHORITY is the Right Way To Do It. > > Thanks Dave! You just pointed out one of the many, many, MANY r

Re: Root SSH permitted by default (was: how does root run a graphical prog)

2002-05-21 Thread Dave Sherohman
On Mon, May 20, 2002 at 08:26:11PM +0100, Colin Watson wrote: > Like the document says, regularly su'ing to root from an account makes > compromising that account essentially equivalent to compromising root > anyway. How so? Regularly sudo'ing, sure, since that uses the user's password as a (hope

Re: how does root run a graphical prog

2002-05-21 Thread Carel Fellinger
On Tue, May 21, 2002 at 12:37:34PM -0400, Travis Crump wrote: > Carel Fellinger wrote: ... > >I think you did `su', not `su -'. > > > >A mere `su' merely changes your identity, but the environment stays the > >same. In particular $HOME. So when you launch an X-appl, the authorisation > >cookie is

Re: how does root run a graphical prog

2002-05-21 Thread Travis Crump
Jamin W.Collins wrote: Try opening a terminal as a normal user and running the following: echo $XAUTHORITY now 'su' to root and run the same commands again. And, finally 'su -' to root and run the commands one more time. I think you find the answer to your questions. (hint: take a close look

Re: how does root run a graphical prog

2002-05-21 Thread Jamin W . Collins
On Tue, 21 May 2002 12:37:34 -0400 "Travis Crump" <[EMAIL PROTECTED]> wrote: > I just did a plain 'su' followed by a 'echo $HOME' and got /root. Then > I tried to open a graphical program as root which I always thought just > worked and got an: (snip) > But the program still started and ran fin

Re: how does root run a graphical prog

2002-05-21 Thread Travis Crump
Carel Fellinger wrote: On my Debian system root can automatically run X-Apps (after an su). I was wondering why but haven't figured it out yet. It's not what I was used to before. I think you did `su', not `su -'. A mere `su' merely changes your identity, but the environment stays the same.

Re: how does root run a graphical prog

2002-05-21 Thread Rogerio Acquadro
> hi, > > How come root can not run a graphical program under other user > session. Let say, I do 'su' and I try to launch gkrellm. Xterm will > produce this message: > > Xlib: connection to ":0.0" refused by server > Xlib: Client is not authorized to connect to Server > > Everything fine if I r

Re: how does root run a graphical prog

2002-05-21 Thread Carel Fellinger
On Mon, May 20, 2002 at 08:10:10PM +0100, Frank Zimmermann wrote: > On Mon, May 20, 2002 at 11:29:14AM -0700, Vineet Kumar wrote: ... > > Use su and read the originating user's ~/.Xauthority, or use ssh's X > > forwarding. > > > > On my Debian system root can automatically run X-Apps (after an su

Re: how does root run a graphical prog

2002-05-20 Thread Willy S
* Peter Hicks ([EMAIL PROTECTED]) wrote: > Just put this in your .bashrc file > > XAUTHORITY=$HOME/.Xauthority > > export XAUTHORITY Thanks for the help. It has solved my problem. Actually I expect to have a nice and clean solution like yours, but turns out there are so many solutions for my prob

Re: Root SSH permitted by default (was: how does root run a graphical prog)

2002-05-20 Thread Daniel D Jones
On Mon, 2002-05-20 at 15:37, Jamin W.Collins wrote: > On Mon, 20 May 2002 20:26:11 +0100 > "Colin Watson" <[EMAIL PROTECTED]> wrote: > > > Like the document says, regularly su'ing to root from an account makes > > compromising that account essentially equivalent to compromising root > > anyway. I

Re: how does root run a graphical prog

2002-05-20 Thread Corrin Lakeland
On Tue, 21 May 2002 08:24, Nicos Gollan wrote: > On Monday 20 May 2002 19:37, Dave Sherohman wrote: > > On Mon, May 20, 2002 at 06:49:19PM +0200, Nicos Gollan wrote: > > > You could try using ssh with X forwarding for that. Just "ssh > > > [EMAIL PROTECTED]" should do the trick. It's not the best w

Re: how does root run a graphical prog

2002-05-20 Thread Nicos Gollan
On Monday 20 May 2002 19:37, Dave Sherohman wrote: > On Mon, May 20, 2002 at 06:49:19PM +0200, Nicos Gollan wrote: > > You could try using ssh with X forwarding for that. Just "ssh > > [EMAIL PROTECTED]" should do the trick. It's not the best way, but it works. > > ...unless you're on a system whic

Re: how does root run a graphical prog

2002-05-20 Thread Kristian Rink
On Mon, May 20, 2002 at 12:36:06PM -0500, Dave Sherohman wrote: > On Mon, May 20, 2002 at 06:39:22PM +0200, Kristian Rink wrote: > > If you MUST use xhost, use 'xhost + localhost'. But using xauth or > XAUTHORITY is the Right Way To Do It. > Hm... by now I indeed pretty much was using xhost

Re: how does root run a graphical prog

2002-05-20 Thread Robin Putters
On Mon, 2002-05-20 at 18:45, Willy S wrote: > hi, > > How come root can not run a graphical program under other user > session. Let say, I do 'su' and I try to launch gkrellm. Xterm will > produce this message: > > Xlib: connection to ":0.0" refused by server > Xlib: Client is not authorized to c

Re: Root SSH permitted by default (was: how does root run a graphical prog)

2002-05-20 Thread Jamin W . Collins
On Mon, 20 May 2002 20:26:11 +0100 "Colin Watson" <[EMAIL PROTECTED]> wrote: > Like the document says, regularly su'ing to root from an account makes > compromising that account essentially equivalent to compromising root > anyway. I don't see a problem with the default configuration, and nor do >

Re: Root SSH permitted by default (was: how does root run a graphical prog)

2002-05-20 Thread Colin Watson
On Mon, May 20, 2002 at 01:37:49PM -0500, Jamin W. Collins wrote: > On Mon, 20 May 2002 19:01:50 +0100 > "Colin Watson" <[EMAIL PROTECTED]> wrote: > > Not in woody and sid, at least. See the paragraphs in > > /usr/share/doc/ssh/README.Debian headed "PermitRootLogin set to yes". > > Man, talk about

Re: how does root run a graphical prog

2002-05-20 Thread Frank Zimmermann
On Mon, May 20, 2002 at 11:29:14AM -0700, Vineet Kumar wrote: > * Dave Sherohman ([EMAIL PROTECTED]) [020520 10:49]: > > On Mon, May 20, 2002 at 06:39:22PM +0200, Kristian Rink wrote: > > > > Thankfully, debian's X config has by default an option (and I won't tell > you which if you don't know, b

Root SSH permitted by default (was: how does root run a graphical prog)

2002-05-20 Thread Jamin W . Collins
On Mon, 20 May 2002 19:01:50 +0100 "Colin Watson" <[EMAIL PROTECTED]> wrote: > On Mon, May 20, 2002 at 12:37:28PM -0500, Dave Sherohman wrote: > > ...unless you're on a system which is configured to disallow remote > > root logins via ssh. (Such as, say, the default Debian > > configuration.) >

Re: how does root run a graphical prog

2002-05-20 Thread Vineet Kumar
* Dave Sherohman ([EMAIL PROTECTED]) [020520 10:49]: > On Mon, May 20, 2002 at 06:39:22PM +0200, Kristian Rink wrote: > > Something like 'xhost +' basically should > > allow anyone (on your system) to connect to X hence to display any > > graphical output. > > Bzzt! 'xhost +' allows anyone (on an

Re: how does root run a graphical prog

2002-05-20 Thread Colin Watson
On Mon, May 20, 2002 at 12:37:28PM -0500, Dave Sherohman wrote: > On Mon, May 20, 2002 at 06:49:19PM +0200, Nicos Gollan wrote: > > You could try using ssh with X forwarding for that. Just "ssh > > [EMAIL PROTECTED]" should do the trick. It's not the best way, but it > > works. > > ...unless you'r

Re: how does root run a graphical prog

2002-05-20 Thread Dave Sherohman
On Mon, May 20, 2002 at 06:49:19PM +0200, Nicos Gollan wrote: > You could try using ssh with X forwarding for that. Just "ssh [EMAIL > PROTECTED]" > should do the trick. It's not the best way, but it works. ...unless you're on a system which is configured to disallow remote root logins via ssh.

Re: how does root run a graphical prog

2002-05-20 Thread Dave Sherohman
On Mon, May 20, 2002 at 06:39:22PM +0200, Kristian Rink wrote: > Something like 'xhost +' basically should > allow anyone (on your system) to connect to X hence to display any > graphical output. Bzzt! 'xhost +' allows anyone (on any system capable of contacting your system) to connect to X and d

Re: how does root run a graphical prog

2002-05-20 Thread Peter Hicks
On Mon, May 20, 2002 at 11:45:31PM +0700, Willy S wrote: >hi, > >How come root can not run a graphical program under other user >session. Let say, I do 'su' and I try to launch gkrellm. Xterm will >produce this message: > >Xlib: connection to ":0.0" refused by server >Xlib: Client is not authorized

Re: how does root run a graphical prog

2002-05-20 Thread Colin Watson
On Mon, May 20, 2002 at 11:45:31PM +0700, Willy S wrote: > How come root can not run a graphical program under other user > session. Let say, I do 'su' and I try to launch gkrellm. Xterm will > produce this message: > > Xlib: connection to ":0.0" refused by server > Xlib: Client is not authorized

Re: how does root run a graphical prog

2002-05-20 Thread Brian P. Flaherty
Willy S <[EMAIL PROTECTED]> writes: > hi, > > How come root can not run a graphical program under other user > session. Let say, I do 'su' and I try to launch gkrellm. Xterm will > produce this message: > > Xlib: connection to ":0.0" refused by server > Xlib: Client is not authorized to connect

Re: how does root run a graphical prog

2002-05-20 Thread Carl Fink
I recommend xhost local:+ over the more general xhost + -- Carl Fink [EMAIL PROTECTED] Manager, Dueling Modems Computer Forum

Re: how does root run a graphical prog

2002-05-20 Thread Nicos Gollan
On Monday 20 May 2002 18:45, Willy S wrote: > How come root can not run a graphical program under other user > session. Let say, I do 'su' and I try to launch gkrellm. Xterm will > produce this message: > > Xlib: connection to ":0.0" refused by server > Xlib: Client is not authorized to connect to

Re: how does root run a graphical prog

2002-05-20 Thread Kristian Rink
On Mon, May 20, 2002 at 11:45:31PM +0700, Willy S wrote: > > Xlib: connection to ":0.0" refused by server > Xlib: Client is not authorized to connect to Server X requires you to have permissions to access the running X server to display any output on your screen. Usually (on well-configured syste

how does root run a graphical prog

2002-05-20 Thread Willy S
hi, How come root can not run a graphical program under other user session. Let say, I do 'su' and I try to launch gkrellm. Xterm will produce this message: Xlib: connection to ":0.0" refused by server Xlib: Client is not authorized to connect to Server Everything fine if I run a console program