SUMMARY: Restricting remote X access.
My original question:
>
> What can I do to restrict remote X sessions (started with rexec or xdm
)?
> Is it something similar to the hosts.equiv file and
.rhosts?
>
Answer:
There are several approaches:
1. Using xhost. This program is used to add/delete host names to the list
of hosts allowed to make connections to the X server.
2. Xaccess. This file is in /usr/bin/X11/xdm/Xaccess
(/usr/var/X11/xdm or /usr/lib/X11/xdm )
THis file provides information that xdm uses to control access from displays
requesting XDMCP service. The whole stuff can be found in the man pages
in the XDMCP ACCESS CONTROL section.
3. the MIT-MAGIC-COOKIE-1 scheme.
There is a file (normally $HOME/.Xauthority) called the magic cookie.
Only people with read access to the magic cookie can get to your
display. This file should be kept safe.
4. Using the C2 security
Olny the IP addresses declared in:
/var/auth/system/devassign
and /var/auth/system/ttys
may open an X Session.
Thanks to everyone who replied:
MArtin J. Moore
Mike Mathews
Dave Warren
Rob Lembree
Knut Helleboe
Pillaiyar Thanigasalam
Kevin Walters
stephane Branchoux
Simon Greaves
Received on Fri Jul 07 1995 - 22:45:16 NZST