[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-user
Subject: =?iso-8859-1?Q?RE=3A_Can=B4t_start_programs_online=2E?=
From: Jesper Krogh <jkr () lyngso-industri ! dk>
Date: 1999-07-29 5:59:28
[Download RAW message or body]
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------ =_NextPart_001_01BED987.DE57303C
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
I have actually solved the issue.
The Autoconfigure hostname option was on.
The reason that i didnīt notice it at the first place was that the
translation into my danish
KDE desktop, was so terrible that it was nothing but nonsense for mee.
> -))))
Thanks for your help.
> -----Original Message-----
> From: Andreas Pour [SMTP:pour@mieterra.com]
> Sent: Thursday, July 29, 1999 12:39 AM
> To: KDE User List
> Subject: Re: Canīt start programs online.
>
> jedd wrote:
>
> > On Wed, 28 Jul 1999, Jesper Krogh wrote:
> >
> > ] "xhost +" and "xhost +localhost" works
> > ] But is there anyone who has a good reason why this have to bee done.
> > ] It should not be nessesary ...should it ???
> >
> > Well, 'should' is a matter of taste. It's generally regarded that
> > security should be a higher priority than convenience, and for
> > the most part I think that approach is sage.
> >
> > In my autostart in KDE, I run a script that just does 'xhost +'.
> > (I can't do it before KDE (X) starts, because xhost needs to
> > talk to a running Xserver, of course.) By doing this, I allow
> > any other user of this computer to start programs that will
> > display on my monitor. This is considered a security issue,
> > and rightly so. I don't want an xterm appearing on a window
> > somewhere, finding it, thinking it's mine, and doing an 'su',
> > only to have someone's trojan horse capture my root p/w.
> >
> > (That's the answer to your first question :)
> >
> > In my instance, and probably in yours too, this is a non-issue,
> > since a) I am not connected to a network (very often), and
> > b) there are no other valid user accounts on this machine, so
> > that style of attack is not possible.
>
> If someone happens to conduct a port scan while you are temporarily
> attached to the Internet (using your dial-up ISP, e.g.), and notices that
> the X Server port (6000) is available, they can launch all kinds of
> attacks, whether or not you have set xhost+, but especially if you have.
> If xhost+ is set, an attacker can easily make screendumps, catch
> keystrokes and fake keystrokes, all pretty much without you knowing about
> it.
>
> Regards,
>
> Andreas Pour
>
> --
> Send posts to: kde-user@lists.netcentral.net
> Send all commands to: kde-user-request@lists.netcentral.net
> Put your command in the SUBJECT of the message:
> "subscribe", "unsubscribe", "set digest on", or "set digest off"
>
> All kde mailing lists are archived at http://lists.kde.org
> **********************************************************************
> This list is from your pals at NetCentral <http://www.netcentral.net/>
------ =_NextPart_001_01BED987.DE57303C
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 5.0.1460.9">
<TITLE>RE: Canīt start programs online.</TITLE>
</HEAD>
<BODY>
<P><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">I have actually solved the issue.</FONT>
<BR><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">The Autoconfigure hostname option was \
on.</FONT> <BR><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">The reason that i didnīt \
notice it at the first place was that the translation into my danish </FONT> \
<BR><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">KDE desktop, was so terrible that it \
was nothing but nonsense for mee. :-))))</FONT> <BR><FONT COLOR="#0000FF" SIZE=2 \
FACE="Arial">Thanks for your help. </FONT> </P>
<UL>
<P><FONT SIZE=1 FACE="Arial">-----Original Message-----</FONT>
<BR><B><FONT SIZE=1 FACE="Arial">From: </FONT></B> <FONT SIZE=1 \
FACE="Arial">Andreas Pour [SMTP:pour@mieterra.com]</FONT> <BR><B><FONT SIZE=1 \
FACE="Arial">Sent: </FONT></B> <FONT SIZE=1 FACE="Arial">Thursday, July \
29, 1999 12:39 AM</FONT> <BR><B><FONT SIZE=1 \
FACE="Arial">To: </FONT></B> <FONT SIZE=1 FACE="Arial">KDE \
User List</FONT> <BR><B><FONT SIZE=1 \
FACE="Arial">Subject: </FONT></B> <FONT \
SIZE=1 FACE="Arial">Re: Canīt start programs online.</FONT> </P>
<P><FONT COLOR="#000000" SIZE=2 FACE="Arial">jedd wrote:</FONT>
</P>
<P><FONT COLOR="#000000" SIZE=2 FACE="Arial">> On Wed, 28 Jul 1999, Jesper Krogh \
wrote:</FONT> <BR><FONT COLOR="#000000" SIZE=2 FACE="Arial">></FONT>
<BR><FONT COLOR="#000000" SIZE=2 FACE="Arial">> ] "xhost +" and \
"xhost +localhost" works</FONT> <BR><FONT COLOR="#000000" SIZE=2 \
FACE="Arial">> ] But is there anyone who has a good reason why this have to \
bee done.</FONT> <BR><FONT COLOR="#000000" SIZE=2 FACE="Arial">> ] It should \
not be nessesary ...should it ???</FONT> <BR><FONT COLOR="#000000" SIZE=2 \
FACE="Arial">></FONT> <BR><FONT COLOR="#000000" SIZE=2 FACE="Arial">> \
Well, 'should' is a matter of taste. It's generally regarded that</FONT> \
<BR><FONT COLOR="#000000" SIZE=2 FACE="Arial">> security should be a higher \
priority than convenience, and for</FONT> <BR><FONT COLOR="#000000" SIZE=2 \
FACE="Arial">> the most part I think that approach is sage.</FONT> <BR><FONT \
COLOR="#000000" SIZE=2 FACE="Arial">></FONT> <BR><FONT COLOR="#000000" SIZE=2 \
FACE="Arial">> In my autostart in KDE, I run a script that just does 'xhost \
+'.</FONT> <BR><FONT COLOR="#000000" SIZE=2 FACE="Arial">> (I can't do it \
before KDE (X) starts, because xhost needs to</FONT> <BR><FONT COLOR="#000000" SIZE=2 \
FACE="Arial">> talk to a running Xserver, of course.) By doing this, I \
allow</FONT> <BR><FONT COLOR="#000000" SIZE=2 FACE="Arial">> any other user \
of this computer to start programs that will</FONT> <BR><FONT COLOR="#000000" SIZE=2 \
FACE="Arial">> display on my monitor. This is considered a security \
issue,</FONT> <BR><FONT COLOR="#000000" SIZE=2 FACE="Arial">> and rightly \
so. I don't want an xterm appearing on a window</FONT> <BR><FONT \
COLOR="#000000" SIZE=2 FACE="Arial">> somewhere, finding it, thinking it's \
mine, and doing an 'su',</FONT> <BR><FONT COLOR="#000000" SIZE=2 \
FACE="Arial">> only to have someone's trojan horse capture my root \
p/w.</FONT> <BR><FONT COLOR="#000000" SIZE=2 FACE="Arial">></FONT>
<BR><FONT COLOR="#000000" SIZE=2 FACE="Arial">> (That's the answer to your \
first question :)</FONT> <BR><FONT COLOR="#000000" SIZE=2 FACE="Arial">></FONT>
<BR><FONT COLOR="#000000" SIZE=2 FACE="Arial">> In my instance, and probably \
in yours too, this is a non-issue,</FONT> <BR><FONT COLOR="#000000" SIZE=2 \
FACE="Arial">> since a) I am not connected to a network (very often), \
and</FONT> <BR><FONT COLOR="#000000" SIZE=2 FACE="Arial">> b) there are no \
other valid user accounts on this machine, so</FONT> <BR><FONT COLOR="#000000" SIZE=2 \
FACE="Arial">> that style of attack is not possible.</FONT> </P>
<P><FONT COLOR="#000000" SIZE=2 FACE="Arial">If someone happens to conduct a port \
scan while you are temporarily</FONT> <BR><FONT COLOR="#000000" SIZE=2 \
FACE="Arial">attached to the Internet (using your dial-up ISP, e.g.), and notices \
that</FONT> <BR><FONT COLOR="#000000" SIZE=2 FACE="Arial">the X Server port (6000) is \
available, they can launch all kinds of</FONT> <BR><FONT COLOR="#000000" SIZE=2 \
FACE="Arial">attacks, whether or not you have set xhost+, but especially if you \
have.</FONT> <BR><FONT COLOR="#000000" SIZE=2 FACE="Arial">If xhost+ is set, an \
attacker can easily make screendumps, catch</FONT> <BR><FONT COLOR="#000000" SIZE=2 \
FACE="Arial">keystrokes and fake keystrokes, all pretty much without you knowing \
about</FONT> <BR><FONT COLOR="#000000" SIZE=2 FACE="Arial">it.</FONT>
</P>
<P><FONT COLOR="#000000" SIZE=2 FACE="Arial">Regards,</FONT>
</P>
<P><FONT COLOR="#000000" SIZE=2 FACE="Arial">Andreas Pour</FONT>
</P>
<P><FONT COLOR="#000000" SIZE=2 FACE="Arial">-- </FONT>
<BR><FONT COLOR="#000000" SIZE=2 FACE="Arial">Send posts to: \
kde-user@lists.netcentral.net</FONT> <BR><FONT COLOR="#000000" SIZE=2 \
FACE="Arial"> Send all commands to: \
kde-user-request@lists.netcentral.net</FONT> <BR><FONT COLOR="#000000" SIZE=2 \
FACE="Arial"> Put your command in the SUBJECT of the message:</FONT> <BR><FONT \
COLOR="#000000" SIZE=2 FACE="Arial"> "subscribe", \
"unsubscribe", "set digest on", or "set digest \
off"</FONT> </P>
<P><FONT COLOR="#000000" SIZE=2 FACE="Arial">All kde mailing lists are archived \
at</FONT><U> <FONT COLOR="#0000FF" SIZE=2 FACE="Arial"><A HREF="http://lists.kde.org" \
TARGET="_blank">http://lists.kde.org</A></FONT></U> <BR><FONT COLOR="#000000" SIZE=2 \
FACE="Arial">**********************************************************************</FONT>
<BR><FONT COLOR="#000000" SIZE=2 FACE="Arial">This list is from your pals at \
NetCentral <</FONT><U><FONT COLOR="#0000FF" SIZE=2 FACE="Arial"><A \
HREF="http://www.netcentral.net/" \
TARGET="_blank">http://www.netcentral.net/</A></FONT></U><FONT COLOR="#000000" SIZE=2 \
FACE="Arial">></FONT> </P>
</UL>
</BODY>
</HTML>
------ =_NextPart_001_01BED987.DE57303C--
--
Send posts to: kde-user@lists.netcentral.net
Send all commands to: kde-user-request@lists.netcentral.net
Put your command in the SUBJECT of the message:
"subscribe", "unsubscribe", "set digest on", or "set digest off"
All kde mailing lists are archived at http://lists.kde.org
**********************************************************************
This list is from your pals at NetCentral <http://www.netcentral.net/>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic