This is the mail archive of the
cygwin-xfree@cygwin.com
mailing list for the Cygwin XFree86 project.
Re: security, cvs, was Re: interface bindings of x-server
- From: Dave Dodge <dododge at dododge dot net>
- To: Alan Coopersmith <Alan dot Coopersmith at Sun dot COM>
- Cc: "roland at webde" <devzero at web dot de>, Keith Whitwell <keith at tungstengraphics dot com>, Keith Packard <keithp at keithp dot com>, <cygwin-xfree at cygwin dot com>, <xserver at pdx dot freedesktop dot org>
- Date: Wed, 19 Nov 2003 18:49:36 -0500 (EST)
- Subject: Re: security, cvs, was Re: interface bindings of x-server
- Reply-to: cygwin-xfree at cygwin dot com
On Wed, 19 Nov 2003, Alan Coopersmith wrote:
> roland@webde wrote:
> > the only chance to get rid of it, is to use unix domain socket
> > (via -nolisten tcp) OR to add the option, to specify the interface
> > bindings and be able to bind it to local loopback ONLY. I`d prefer
> > the second one.
>
> Why? What benefit does a TCP loopback connection provide over the Unix
> domain socket (which is generally faster on most OS'es)?
Just a data point: I have lots of special-purpose accounts on my
desktop system, for example when building package XYZ I might create a
specific "xyz" user and group to do the build work, own the resulting
files, etc. So it's very common for me to su over to one of these
accounts and run things like emacs or application-specific GUI tools
as that special user. I use "xhost +localhost" to let these other
accounts display on my desktop; but I basically never have the need
for connections to port 6000 from off-machine anymore (I use ssh for
that instead).
[I realize xauth, or changing permissions on the unix socket, could
probably solve this as well. But the localhost method is really,
really easy :-]
-Dave Dodge