This is the mail archive of the cygwin-xfree@cygwin.com mailing list for the Cygwin XFree86 project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Possible to use clipboard with remote/xdm connection?

From: Alexander Gottwald <Alexander dot Gottwald at s1999 dot tu-chemnitz dot de>
To: cygwin-xfree at cygwin dot com, chris dot green at isbd dot co dot uk
Date: Sat, 3 Jan 2004 12:00:04 +0100 (MET)
Subject: Re: Possible to use clipboard with remote/xdm connection?
References: <20031231221603.GA320@areti.co.uk> <3FF34EE3.9070300@msu.edu><20040101153702.GB1971@areti.co.uk> <Pine.LNX.4.55.0401011924080.2197@lupus.ago.vpn><20040102140446.GA4425@areti.co.uk> <Pine.LNX.4.58.0401021520560.12132@odoaker.hrz.tu-chemnitz.de><20040102144403.GA4596@areti.co.uk> <Pine.LNX.4.58.0401021702380.12132@odoaker.hrz.tu-chemnitz.de><20040102180025.GA5079@areti.co.uk> <Pine.LNX.4.55.0401022035300.1992@lupus.ago.vpn><20040102224336.GB5789@areti.co.uk>
Reply-to: cygwin-xfree at cygwin dot com

Chris Green wrote:

> > The win2k system and xwin are two different systems.
> >
> Not in this situation, they're both running on a machine to which I
> have administrator and root (if you want to call it that) access.
> Thus in reality I have access to *everything* that's going on in the
> machine.  Whatever 'security' X wants to put in my way I can (if I'm a
> reasonably capable programmer) circumvent.

you want root (in case it is not you) to have access to your passwords?

> > The first may be used by more than one person and the second must only be
> > used by you.
> >
> Why must xwin only be used by me?

you can alter this with xhost and xauth. But the default is to grant access
only to one person (or better session).

> > Just imagine someone wants to steal a password from you and starts a client
> > which registers all keystrokes entered in a xterm. This program can be started
> > from a linux box or from the win2k system itself. The X11 security model tries
> > to prevent this by not allowing any connection that is not started by you.
> >
> But the connection from which I wanted to run xwinclip *was* run by
> me.

This is clear to you but not to the xserver. There are several models to
convince the xserver that you are allowed to connect. Either host based via
xhost and token based via xauth. The later works well if you have shared
home directories (eg via nfs, afs or samba). After logging in to the xdmcp
server a token is stored in ~/.Xauthority. If this file is readable to
an xclient then the xclient knows the token for connecting to the xserver.

(see man Xsecurity for details on xauth)

> > If you've lost your key you'll be able to leave your house but are not able
> > to enter it again. These are two different situations and the design is good
> > but you have a problem if you've lost your key.
> >
> Not round here, no need to lock houses, it makes life *much* simpler
> to live.  Security is a huge waste of human resources with very few
> advantages or uses.

start the xserver with the parameter -ac. This makes it open to everyone.

bye
    ago
-- 
 Alexander.Gottwald@informatik.tu-chemnitz.de
 http://www.gotti.org           ICQ: 126018723

References:
- Re: Possible to use clipboard with remote/xdm connection?
  - From: Chris Green
- Re: Possible to use clipboard with remote/xdm connection?
  - From: Alexander Gottwald
- Re: Possible to use clipboard with remote/xdm connection?
  - From: Chris Green
- Re: Possible to use clipboard with remote/xdm connection?
  - From: Alexander Gottwald
- Re: Possible to use clipboard with remote/xdm connection?
  - From: Chris Green
- Re: Possible to use clipboard with remote/xdm connection?
  - From: Alexander Gottwald
- Re: Possible to use clipboard with remote/xdm connection?
  - From: Chris Green
- Re: Possible to use clipboard with remote/xdm connection?
  - From: Alexander Gottwald
- Re: Possible to use clipboard with remote/xdm connection?
  - From: Chris Green

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]