From: William Kenworthy <billk@iinet.net.au>
To: Troy Dack <troy@tkdack.com>
Cc: John Nilsson <pzycrow@hotpop.com>,
gentoo-dev List <gentoo-dev@gentoo.org>
Subject: Re: [gentoo-dev] GnomeUI-WARNING
Date: 19 Oct 2002 11:35:41 +0800
Message-ID: <1034998541.8843.24.camel@rattus.localdomain>
In-Reply-To: <1034985810.7477.3.camel@waterhouse.internal.lan>

I don't see ssh as being a good solution in this case. On a firewalled
single user machine, the complexity of going through ssh (which seems to
have a patchy history as regards security itself) seems like it might be
more of a risk (i.e., misconfiguration, security holes etc.) as well as
the inconvenience of an unwieldy command line compared to the
alternative - simplicity.

How do Mandrake, RedHat etc. do this, as they work in the fashion I
desire?

I do use ssh in the above mode for external connections, but am
unconvinced it is useful or even adds anything but risky inconvenience
in a fully local mode. I am convinced there is a point where security
can be overdone and be self-defeating in the long run.

BillK

On Sat, 2002-10-19 at 08:03, Troy Dack wrote:
> On Sat, 2002-10-19 at 09:45, William Kenworthy wrote:
> > xhost +localhost
> > su -
> > export DISPLAY=localhost:0.0
> >
> > Using "su -" requires a display set. Where does one put the xhost and
> > export in a generic sense? I have a single user machine and often use a
> > number of x displays - how could I set up to do the above automatically,
> > no matter which X display I am on?
> >
> > BillK
>
> You really don't want that configured as a "default"; it is not the most
> secure idea.
>
> A better alternative is to install ssh on the local machine, configure
> public/private key pairs for your root account, make ssh only listen on
> localhost (127.0.0.1), enable automatic X11 forwarding and then whenever
> you want to run an X app as root do:
>
> ssh -X root@localhost /path/to/application
>
> The overheads in running an ssh server are really not that much when you
> are doing it on the local machine only.
>
>
> --
> Troy Dack
> http://linux.tkdack.com
>
>
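
Added example, not part of the original messages: a shell check that an sshd_config matches the setup described in the quoted reply (sshd bound to loopback only, X11 forwarding enabled, root login by key). The function names and the sample config are constructed for illustration; the check assumes whitespace-separated `Keyword value` lines and does not evaluate Match blocks or Include files.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the localhost-only X11 setup
# described in the quoted reply. Assumes "Keyword value" lines; Match
# blocks and Include files are not evaluated.

# Print the first value given for a keyword (sshd uses the first one it reads).
first_value() {  # $1 = keyword, $2 = config file
    awk -v k="$1" '/^[ \t]*#/ { next }
        tolower($1) == tolower(k) { print $2; exit }' "$2"
}

# Succeed only if ListenAddress is present and every entry is loopback.
listen_local_only() {  # $1 = config file
    awk '/^[ \t]*#/ { next }
        tolower($1) == "listenaddress" {
            n++
            if ($2 !~ /^(127\.0\.0\.1(:[0-9]+)?|localhost(:[0-9]+)?|::1|\[::1\](:[0-9]+)?)$/) bad++
        }
        END { exit !(n > 0 && bad == 0) }' "$1"
}

# Print findings; the return status is the number of failed checks.
audit_sshd_local_x11() {  # $1 = config file
    cfg=$1; fails=0
    if listen_local_only "$cfg"; then
        echo "ok    ListenAddress: loopback only"
    else
        echo "FAIL  ListenAddress: unset or not loopback"; fails=$((fails + 1))
    fi
    if [ "$(first_value X11Forwarding "$cfg")" = "yes" ]; then
        echo "ok    X11Forwarding: yes"
    else
        echo "FAIL  X11Forwarding: not 'yes', ssh -X gets no forwarded display"; fails=$((fails + 1))
    fi
    case "$(first_value PermitRootLogin "$cfg")" in
        without-password|prohibit-password)
            echo "ok    PermitRootLogin: keys only" ;;
        yes) echo "note  PermitRootLogin: yes also accepts the root password" ;;
        *)   echo "FAIL  PermitRootLogin: root key login not explicitly allowed"; fails=$((fails + 1)) ;;
    esac
    return "$fails"
}

# Constructed sample config, not taken from the thread.
sample=$(mktemp)
printf '%s\n' 'ListenAddress 127.0.0.1' 'X11Forwarding yes' \
    'PermitRootLogin without-password' > "$sample"
audit_sshd_local_x11 "$sample"
rm -f "$sample"
```

Run it against a copy of the real file with `audit_sshd_local_x11 /etc/ssh/sshd_config`; a missing ListenAddress is reported as a failure because sshd then listens on all local addresses.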