[ale] Trojan mpg123 alert
Chris Ricker
kaboom at gatech.edu
Tue Jan 21 14:13:29 EST 2003
On Tue, 21 Jan 2003, Dow Hurst wrote:
> Many distros come with X configured to use xauth instead of xhost for
> user level authentication instead of host based authentication. SSH
> manages the xauth stuff so you don't have to do any work manually. If
> you only have xhost authentication then the throwaway user running on
> the same machine side by side with your normal user identity could read
> your keystrokes from any xterm your running. The authentication scheme
> for xhost assumes that if your logged in on the same machine that you
> are "trusted" while xauth does not.
If you configure PAM properly, su - works automagically with xauth
later,
chris
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
More information about the Ale
mailing list