public inbox for cygwin-xfree@sourceware.org
help / color / mirror / Atom feed
From: Alexander Gottwald <Alexander.Gottwald@s1999.tu-chemnitz.de>
To: cygwin-xfree@cygwin.com, chris.green@isbd.co.uk
Subject: Re: Possible to use clipboard with remote/xdm connection?
Date: Sat, 03 Jan 2004 11:00:00 -0000	[thread overview]
Message-ID: <Pine.LNX.4.55.0401031151380.1992@lupus.ago.vpn> (raw)
In-Reply-To: <20040102224336.GB5789@areti.co.uk>

Chris Green wrote:

> > The win2k system and xwin are two different systems.
> >
> Not in this situation, they're both running on a machine to which I
> have administrator and root (if you want to call it that) access.
> Thus in reality I have access to *everything* that's going on in the
> machine.  Whatever 'security' X wants to put in my way I can (if I'm a
> reasonably capable programmer) circumvent.

you want root (in case it is not you) to have access to your passwords?

> > The first may be used by more than one person and the second must only be
> > used by you.
> >
> Why must xwin only be used by me?

you can alter this with xhost and xauth. But the default is to grant access
only to one person (or better session).

> > Just imagine someone wants to steal a password from you and starts a client
> > which registers all keystrokes entered in a xterm. This program can be started
> > from a linux box or from the win2k system itself. The X11 security model tries
> > to prevent this by not allowing any connection that is not started by you.
> >
> But the connection from which I wanted to run xwinclip *was* run by
> me.

This is clear to you but not to the xserver. There are several models to
convince the xserver that you are allowed to connect. Either host based via
xhost and token based via xauth. The later works well if you have shared
home directories (eg via nfs, afs or samba). After logging in to the xdmcp
server a token is stored in ~/.Xauthority. If this file is readable to
an xclient then the xclient knows the token for connecting to the xserver.

(see man Xsecurity for details on xauth)

> > If you've lost your key you'll be able to leave your house but are not able
> > to enter it again. These are two different situations and the design is good
> > but you have a problem if you've lost your key.
> >
> Not round here, no need to lock houses, it makes life *much* simpler
> to live.  Security is a huge waste of human resources with very few
> advantages or uses.

start the xserver with the parameter -ac. This makes it open to everyone.

bye
    ago
-- 
 Alexander.Gottwald@informatik.tu-chemnitz.de
 http://www.gotti.org           ICQ: 126018723


  reply	other threads:[~2004-01-03 11:00 UTC|newest]

Thread overview: 31+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-12-31 23:21 Chris Green
     [not found] ` <3FF34EE3.9070300@msu.edu>
2004-01-01 15:37   ` Chris Green
2004-01-01 18:26     ` Alexander Gottwald
2004-01-02 14:04       ` Chris Green
2004-01-02 14:33         ` Alexander Gottwald
2004-01-02 14:44           ` Chris Green
2004-01-02 15:20             ` Chris Green
2004-01-02 17:27               ` Alexander Gottwald
2004-01-02 18:03                 ` Chris Green
2004-01-02 19:33                   ` Alexander Gottwald
2004-01-02 19:49                     ` Thomas Dickey
2004-01-02 20:15                       ` Alexander Gottwald
2004-01-02 20:56                         ` Thomas Dickey
2004-01-02 21:33                           ` Harold L Hunt II
2004-01-02 21:40                             ` Thomas Dickey
2004-01-02 21:44                               ` Harold L Hunt II
2004-01-02 22:50                     ` Chris Green
2004-01-02 23:50                       ` [OT] " Igor Pechtchanski
2004-01-03  0:07                         ` Thomas Dickey
2004-01-03 12:22                         ` Chris Green
2004-01-02 16:10             ` Alexander Gottwald
2004-01-02 18:00               ` Chris Green
2004-01-02 18:28                 ` Harold L Hunt II
2004-01-02 18:50                   ` Chris Green
2004-01-02 19:20                     ` Harold L Hunt II
2004-01-02 22:50                       ` Chris Green
2004-01-02 20:13                 ` Alexander Gottwald
2004-01-02 22:43                   ` Chris Green
2004-01-03 11:00                     ` Alexander Gottwald [this message]
2004-01-12 19:57 Kevin Markle
2004-01-12 20:00 ` Harold L Hunt II

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Pine.LNX.4.55.0401031151380.1992@lupus.ago.vpn \
    --to=alexander.gottwald@s1999.tu-chemnitz.de \
    --cc=chris.green@isbd.co.uk \
    --cc=cygwin-xfree@cygwin.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).