[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] Trojan mpg123 alert

Subject: [ale] Trojan mpg123 alert
From: kaboom at gatech.edu (Chris Ricker)
Date: Tue, 21 Jan 2003 12:13:29 -0700 (MST)

On Tue, 21 Jan 2003, Dow Hurst wrote:

> Many distros come with X configured to use xauth instead of xhost for 
> user level authentication instead of host based authentication.  SSH 
> manages the xauth stuff so you don't have to do any work manually.  If 
> you only have xhost authentication then the throwaway user running on 
> the same machine side by side with your normal user identity could read 
> your keystrokes from any xterm your running.  The authentication scheme 
> for xhost assumes that if your logged in on the same machine that you 
> are "trusted" while  xauth does not.

If you configure PAM properly, su - works automagically with xauth

later,
chris
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale

Prev by Date: [ale] [OT] Sendmail (?) woes
Next by Date: [ale] [OT] Sendmail (?) woes
Previous by thread: [ale] Trojan mpg123 alert
Next by thread: [ale] (OT) used win98 license
Index(es):
- Date
- Thread