public inbox for cygwin-xfree@sourceware.org help / color / mirror / Atom feed
From: Alexander Gottwald <Alexander.Gottwald@s1999.tu-chemnitz.de> To: cygwin-xfree@cygwin.com, chris.green@isbd.co.uk Subject: Re: Possible to use clipboard with remote/xdm connection? Date: Sat, 03 Jan 2004 11:00:00 -0000 [thread overview] Message-ID: <Pine.LNX.4.55.0401031151380.1992@lupus.ago.vpn> (raw) In-Reply-To: <20040102224336.GB5789@areti.co.uk> Chris Green wrote: > > The win2k system and xwin are two different systems. > > > Not in this situation, they're both running on a machine to which I > have administrator and root (if you want to call it that) access. > Thus in reality I have access to *everything* that's going on in the > machine. Whatever 'security' X wants to put in my way I can (if I'm a > reasonably capable programmer) circumvent. you want root (in case it is not you) to have access to your passwords? > > The first may be used by more than one person and the second must only be > > used by you. > > > Why must xwin only be used by me? you can alter this with xhost and xauth. But the default is to grant access only to one person (or better session). > > Just imagine someone wants to steal a password from you and starts a client > > which registers all keystrokes entered in a xterm. This program can be started > > from a linux box or from the win2k system itself. The X11 security model tries > > to prevent this by not allowing any connection that is not started by you. > > > But the connection from which I wanted to run xwinclip *was* run by > me. This is clear to you but not to the xserver. There are several models to convince the xserver that you are allowed to connect. Either host based via xhost and token based via xauth. The later works well if you have shared home directories (eg via nfs, afs or samba). After logging in to the xdmcp server a token is stored in ~/.Xauthority. If this file is readable to an xclient then the xclient knows the token for connecting to the xserver. (see man Xsecurity for details on xauth) > > If you've lost your key you'll be able to leave your house but are not able > > to enter it again. These are two different situations and the design is good > > but you have a problem if you've lost your key. > > > Not round here, no need to lock houses, it makes life *much* simpler > to live. Security is a huge waste of human resources with very few > advantages or uses. start the xserver with the parameter -ac. This makes it open to everyone. bye ago -- Alexander.Gottwald@informatik.tu-chemnitz.de http://www.gotti.org ICQ: 126018723
next prev parent reply other threads:[~2004-01-03 11:00 UTC|newest] Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top 2003-12-31 23:21 Chris Green [not found] ` <3FF34EE3.9070300@msu.edu> 2004-01-01 15:37 ` Chris Green 2004-01-01 18:26 ` Alexander Gottwald 2004-01-02 14:04 ` Chris Green 2004-01-02 14:33 ` Alexander Gottwald 2004-01-02 14:44 ` Chris Green 2004-01-02 15:20 ` Chris Green 2004-01-02 17:27 ` Alexander Gottwald 2004-01-02 18:03 ` Chris Green 2004-01-02 19:33 ` Alexander Gottwald 2004-01-02 19:49 ` Thomas Dickey 2004-01-02 20:15 ` Alexander Gottwald 2004-01-02 20:56 ` Thomas Dickey 2004-01-02 21:33 ` Harold L Hunt II 2004-01-02 21:40 ` Thomas Dickey 2004-01-02 21:44 ` Harold L Hunt II 2004-01-02 22:50 ` Chris Green 2004-01-02 23:50 ` [OT] " Igor Pechtchanski 2004-01-03 0:07 ` Thomas Dickey 2004-01-03 12:22 ` Chris Green 2004-01-02 16:10 ` Alexander Gottwald 2004-01-02 18:00 ` Chris Green 2004-01-02 18:28 ` Harold L Hunt II 2004-01-02 18:50 ` Chris Green 2004-01-02 19:20 ` Harold L Hunt II 2004-01-02 22:50 ` Chris Green 2004-01-02 20:13 ` Alexander Gottwald 2004-01-02 22:43 ` Chris Green 2004-01-03 11:00 ` Alexander Gottwald [this message] 2004-01-12 19:57 Kevin Markle 2004-01-12 20:00 ` Harold L Hunt II
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=Pine.LNX.4.55.0401031151380.1992@lupus.ago.vpn \ --to=alexander.gottwald@s1999.tu-chemnitz.de \ --cc=chris.green@isbd.co.uk \ --cc=cygwin-xfree@cygwin.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).