Newsgroups: comp.windows.x
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!think.com!barmar
From: barmar@think.com (Barry Margolin)
Subject: Re: Xkernel and security
Message-ID: <1991Jun9.154532.26126@Think.COM>
Sender: news@Think.COM
Reply-To: barmar@think.com
Organization: Thinking Machines Corporation, Cambridge MA, USA
References: <868@llnl.LLNL.GOV>
Date: Sun, 9 Jun 91 15:45:32 GMT
Lines: 20

In article <868@llnl.LLNL.GOV> rjshaw@ramius.llnl.gov (Robert Shaw) writes:
>To do this however, I have to add the xdm server to the /etc/X0.hosts file
>in the filesystem that the Xkernel sees - because I use an MIT X11R4 server
>with access controls *enabled*.

>MIT X11R4 xhost behaves differently when I do this. It's as though the 
>xdm server is the local host!!

>Why does the display server on the Xkernel allow itself to be xhost'ed 
>remotely from the xdm server? 

Any host that can connect to the X server can perform *any* operation on
it, including xhost.  /etc/X0.hosts controls what hosts can connect to the
X server.  Since the XDM server must be able to connect to the X server, it
has to be in /etc/X0.hosts, and thus it can xhost it.
-- 
Barry Margolin, Thinking Machines Corp.

barmar@think.com
{uunet,harvard}!think!barmar
