[ale] Trojan mpg123 alert

Chris Ricker kaboom at gatech.edu
Tue Jan 21 14:13:29 EST 2003


On Tue, 21 Jan 2003, Dow Hurst wrote:

> Many distros come with X configured to use xauth instead of xhost for 
> user level authentication instead of host based authentication.  SSH 
> manages the xauth stuff so you don't have to do any work manually.  If 
> you only have xhost authentication then the throwaway user running on 
> the same machine side by side with your normal user identity could read 
> your keystrokes from any xterm your running.  The authentication scheme 
> for xhost assumes that if your logged in on the same machine that you 
> are "trusted" while  xauth does not.

If you configure PAM properly, su - works automagically with xauth

later,
chris
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale






More information about the Ale mailing list