xhost +localhost

Ted Mittelstaedt tedm at toybox.placo.com
Thu Feb 3 00:32:28 PST 2005

> -----Original Message-----
> From: owner-freebsd-questions at freebsd.org
> [mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Gert Cuykens
> Sent: Wednesday, February 02, 2005 6:20 PM
> To: Chris Hodgins
> Cc: freebsd-questions at freebsd.org
> Subject: Re: xhost +localhost
> > Don't want to be rude but do you have a specific reason for running
> > xscreensaver as root?
> > 
> > Chris
> Well the reason is very simple actuale lets pretend we have a user
> gert. User gert has alot of pictures and music stuff phone numbers
> user gert dont want does things to be gone. Somebody hacks user gert
> because user gert uses a screensaver. And the hacker deletes all
> files. User gert is not happy because he lost everything. Do you think
> user gert gives a chit that the system was untouched because the
> hacker did not had root permission ?
> For me its wrong to think user accounts are not importend because they
> do for the average window xp single user. They dont care about viruses
> infection on there system reinstalling everything they care about
> there files.  So if sreensaver is a securty risc as root i doesnt mean
> its not a security risck for a user account. The only differens
> between a root and user should be that users can not read or mess with
> other users files. The security sould be EXACTLY the same. So if root
> can not run a screensaver then the users can also not run a
> screensaver.

While all of this is very interesting academic, if user Gert is dumb
enough to leave the console of his UNIX system accessible then user
Ted can come along and power cycle it into single user mode and wipe his
disks whether he has the root password or not.

Or, are you assuming that the 'bios' passwords in the typical PC are
immune from 60 seconds of CMOS battery removal?


More information about the freebsd-questions mailing list