Visit Jeremy's Blog.
Go Back > Forums > Linux Forums > Linux - General
User Name
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.


  Search this Thread
Old 06-21-2007, 11:41 PM   #1
Registered: Jul 2004
Location: india
Distribution: RH
Posts: 189

Rep: Reputation: 30
Strange X Problem

One of the security tool has generated reports for our production system which is RedHat Linux 2.1 installed on it.

The error in question is :

unrestricted X server access (No X server access control )

Now when I tried to goole on above error found the following help.

"""""Restrict access to server: An open X display allows anyone, anywhere to view your screen, capture keystrokes and even execute commands remotely. This is a serious vulnerability that is easily fixed using xhosts or xauth. The xhost program is used to add and delete host names or user names to the list allowed to make connections to the X server, providing a rudimentary form of privacy control and security sufficient for a workstation environment (e.g. xhost +user@host when granting access).""""""""""

So tried to disable the unwanted access using below command. But got this,

>>>xhost -
xhost: unable to open display "" /root

But at the same time I get this when I run ,

>>>xauth list MIT-MAGIC-COOKIE-1 c04203fd1bdc2f31d7b249434ff4de3d
localhost.localdomain/unix:1 MIT-MAGIC-COOKIE-1 e448d1eb5e9ccce7a407ea55f06c0fe9 MIT-MAGIC-COOKIE-1 dd84bffa51d812943c1dba16ba2f54bb MIT-MAGIC-COOKIE-1 c04203fd1bdc2f31d7b249434ff4de3d MIT-MAGIC-COOKIE-1 e00708c7b585daea3ce89ef1f52bee89 MIT-MAGIC-COOKIE-1 0964d62871c1e842f60ad9307dfed6bf

And I have found that in /etc/sshd_config X11 Forwarding is set to Yes.

But it gives no output for

>>>echo $DISPLAY

Now I'm pretty confused as to whether the xhost is being used on this system? Or is it xauth or X11Forwarding ?? Or none ??
Then why is it that our Security Audit tool is complaining as ""unrestricted X server access (No X server access control )""

Please suggest !!!!!!!!!!!
Old 06-22-2007, 04:35 AM   #2
Senior Member
Registered: Dec 2002
Location: Mosquitoville
Distribution: RH 6.2, Gen2, Knoppix,arch, bodhi, studio, suse, mint
Posts: 3,300

Rep: Reputation: 65
from the xhost man page:

+ Access is granted to everyone, even if they aren't on the
list (i.e., access control is turned off).
- Access is restricted to only those on the list (i.e.,
access control is turned on).

so i think it's xhost -
then xhost + localhost

it's something like that anyway.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
strange problem... blackv1rus Linux - Networking 3 11-02-2005 05:56 PM
strange, strange alsa problem: sound is grainy/pixellated? fenderman11111 Linux - Software 1 11-01-2004 06:16 PM
strange problem.... shiatsu Linux - General 2 10-02-2003 05:16 PM
wx-config problem strange problem plz help glacier1985 Linux - Software 4 07-26-2003 06:20 PM
Strange problem............. LinuzRulz LQ Suggestions & Feedback 1 07-28-2002 09:03 PM > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 08:02 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration