xhost and Exceed

Good afternoon,

Weeks ago we had an internal audit and they rated the use of any xterminal software as high risk; I'm attaching the document. Does anybody know these kinds of security vulnerabilities and how I can fix them?

Best Regards,

Veronica Munoz
It is always important to know the opinion of other people, with or without experience
2 REPLIES
Rick Garland
Honored Contributor

Re: xhost and Exceed

The xhost command can list specific hosts which can connect to the server. If you do "xhost +" you are allowing anybody to connect. If you do 'xhost ' you are allowing only the nodename to connect to the X-server.

Alex Glennie
Honored Contributor

Re: xhost and Exceed

You can also create a file /etc/X0.hosts: plain ASCII text containing on each line the single name of a host you wish to grant host access to. All others will be rejected unless xhost + or xhost + is run.

Also be aware of user-based access control by way of the encrypted MIT magic cookie: see man X and Xserver for more info (keyword: .Xauthority); also see /usr/dt/config/Xconfig, the Dtlogin*Authorise: True/False CDE resource.

Also at 11.xx ICEauthority comes into action... I don't know too much about this, but it prevents more than one user with the same uid from logging in under CDE.
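
An added example, not part of the original posts: a small audit helper that classifies the text printed by `xhost` (run with no arguments) and lists the entries of an `/etc/X0.hosts`-style file, so the open "xhost +" state described in the replies can be told apart from a host list or cookie-only access. The function names, state labels and sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit X server host-based access control.
# On a live display, feed it real output:  xhost | classify_xhost

# Read `xhost` output on stdin and print one state:
#   OPEN       access control disabled ("xhost +"): any host can connect
#   HOST-LIST  access control enabled, but some hosts/entries are allowed in
#   AUTH-ONLY  access control enabled, no entries: clients need authorization
#              data such as the cookie stored in .Xauthority
#   UNKNOWN    output not recognised
classify_xhost() {
    awk '
        NR == 1 && /access control disabled/ { state = "OPEN"; next }
        NR == 1 && /access control enabled/  { state = "AUTH-ONLY"; next }
        NF > 0 && state == "AUTH-ONLY"       { state = "HOST-LIST" }
        END { print (state == "" ? "UNKNOWN" : state) }
    '
}

# Print the host names granted access by an Xn.hosts-style file
# (one name per line), skipping blank lines. A missing file prints nothing.
hosts_file_entries() {
    [ -r "$1" ] || return 0
    awk 'NF > 0 { print $1 }' "$1"
}

# Constructed sample outputs, not captured from a real system.
sample_open='access control disabled, clients can connect from any host'
sample_list='access control enabled, only authorized clients can connect
INET:wkstn1.example.com'
sample_auth='access control enabled, only authorized clients can connect'

for s in "$sample_open" "$sample_list" "$sample_auth"; do
    state=$(printf '%s\n' "$s" | classify_xhost)
    case "$state" in
        OPEN)      echo "$state: HIGH RISK, run 'xhost -' to re-enable access control" ;;
        HOST-LIST) echo "$state: review each listed host" ;;
        *)         echo "$state" ;;
    esac
done
```

To review the persistent host list as well, run `hosts_file_entries /etc/X0.hosts` on the machine hosting the X server.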