This is the mail archive of the cygwin-xfree@cygwin.com mailing list for the Cygwin XFree86 project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: security, cvs, was Re: interface bindings of x-server


On Wed, 19 Nov 2003, Alan Coopersmith wrote:
> roland@webde wrote:
> > the only chance to get rid of it, is to use unix domain socket
> > (via -nolisten tcp) OR to add the option, to specify the interface
> > bindings and be able to bind it to local loopback ONLY. I`d prefer
> > the second one.
>
> Why?  What benefit does a TCP loopback connection provide over the Unix
> domain socket (which is generally faster on most OS'es)?

Just a data point: I have lots of special-purpose accounts on my
desktop system, for example when building package XYZ I might create a
specific "xyz" user and group to do the build work, own the resulting
files, etc. So it's very common for me to su over to one of these
accounts and run things like emacs or application-specific GUI tools
as that special user. I use "xhost +localhost" to let these other
accounts display on my desktop; but I basically never have the need
for connections to port 6000 from off-machine anymore (I use ssh for
that instead).

[I realize xauth, or changing permissions on the unix socket, could
probably solve this as well. But the localhost method is really,
really easy :-]

                                                  -Dave Dodge


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]