security, cvs, was Re: interface bindings of x-server
Keith Packard
keithp@keithp.com
Thu Nov 20 00:13:00 GMT 2003
Around 18 o'clock on Nov 19, Dave Dodge wrote:
> [I realize xauth, or changing permissions on the unix socket, could
> probably solve this as well. But the localhost method is really,
> really easy :-]
When you say 'xhost +localhost' you're also granting permission for
applications to connect throught the unix domain socket. On a system with
Unix domain sockets, it's hard to see a valid use for 127.0.0.1:6000.
This is in no way meant to disuade people from adding suitable options to
configure which interfaces the (deprecated) IP listening sockets should
bind to; I think that's a very useful idea. I'm just trying to show that
the need for any IP connections is even less than people imagine.
-keith
More information about the Cygwin-xfree
mailing list