Date: Sat, 03 Jan 2004 11:00:00 -0000
From: Alexander Gottwald
To: cygwin-xfree@cygwin.com, chris.green@isbd.co.uk
Subject: Re: Possible to use clipboard with remote/xdm connection?
In-Reply-To: <20040102224336.GB5789@areti.co.uk>

Chris Green wrote:

> > The win2k system and xwin are two different systems.
> >
> Not in this situation, they're both running on a machine to which I
> have administrator and root (if you want to call it that) access.
> Thus in reality I have access to *everything* that's going on in the
> machine. Whatever 'security' X wants to put in my way I can (if I'm a
> reasonably capable programmer) circumvent.

You want root (in case it is not you) to have access to your passwords?

> > The first may be used by more than one person and the second must only be
> > used by you.
> >
> Why must xwin only be used by me?

You can alter this with xhost and xauth. But the default is to grant access
only to one person (or better session).

> > Just imagine someone wants to steal a password from you and starts a client
> > which registers all keystrokes entered in an xterm. This program can be started
> > from a linux box or from the win2k system itself. The X11 security model tries
> > to prevent this by not allowing any connection that is not started by you.
> >
> But the connection from which I wanted to run xwinclip *was* run by
> me.

This is clear to you but not to the xserver. There are several models to
convince the xserver that you are allowed to connect. Either host based via
xhost or token based via xauth. The latter works well if you have shared home
directories (e.g. via nfs, afs or samba). After logging in to the xdmcp server
a token is stored in ~/.Xauthority. If this file is readable to an xclient
then the xclient knows the token for connecting to the xserver.
(See man Xsecurity for details on xauth.)

> > If you've lost your key you'll be able to leave your house but are not able
> > to enter it again. These are two different situations and the design is good
> > but you have a problem if you've lost your key.
> >
> Not round here, no need to lock houses, it makes life *much* simpler
> to live. Security is a huge waste of human resources with very few
> advantages or uses.

Start the xserver with the parameter -ac. This makes it open to everyone.

bye
    ago
--
 Alexander.Gottwald@informatik.tu-chemnitz.de
 http://www.gotti.org     ICQ: 126018723
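
An added illustration of the ~/.Xauthority point in the message above (not part of the original e-mail): a Python check that walks the authority file's binary entries and reports whether group or other users can read the file, and with it the token. The function names, the host name `host1` and the sample entry are constructed for this example.

```python
import os
import stat
import struct

# Address family codes from Xauth.h; anything else is shown as its number.
FAMILIES = {0: "Internet", 6: "Internet6", 256: "Local", 65535: "Wild"}
# Constructed sample: one Local entry for display 0, all-zero 16-byte token.
SAMPLE = struct.pack(">H", 256) + b"".join(
    struct.pack(">H", len(f)) + f
    for f in (b"host1", b"0", b"MIT-MAGIC-COOKIE-1", bytes(16)))


def parse_xauthority(blob):
    """Entry = big-endian 16-bit family + four 16-bit-length-prefixed fields."""
    entries, pos = [], 0

    def take(n):
        nonlocal pos
        if pos + n > len(blob):
            raise ValueError("truncated entry at offset %d" % pos)
        pos += n
        return blob[pos - n:pos]

    def field():
        return take(struct.unpack(">H", take(2))[0])

    while pos < len(blob):
        family = struct.unpack(">H", take(2))[0]
        address, display, name, token = field(), field(), field(), field()
        entries.append({
            "family": FAMILIES.get(family, str(family)),
            "address": address.decode("latin-1"),  # host name or raw IP bytes
            "display": display.decode("ascii", "replace"),
            "protocol": name.decode("ascii", "replace"),
            "token_len": len(token),  # report the size only, never the token
        })
    return entries


def exposed_to_others(mode):
    """True if group or other may read the file and so learn the token."""
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))


def audit(path):
    """Return (readable by group/other?, parsed entries) for one file."""
    with open(path, "rb") as fh:
        return exposed_to_others(os.fstat(fh.fileno()).st_mode), parse_xauthority(fh.read())
```

Running `audit(os.path.expanduser("~/.Xauthority"))` on a shared home directory shows which displays have tokens on file and whether the mode should be tightened to owner-only.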