XFCE User Switching

Matthew Seaman matthew at FreeBSD.org
Thu Feb 20 20:42:46 UTC 2014

On 20/02/2014 12:08, Ralf Mardorf wrote:
> On Thu, 2014-02-20 at 12:30 +0800, Erich Dollansky wrote:
>> If you only want to start new programs under a different account, just
>> use su in an xterm.
> Isn't for FreeBSD something like e.g.
>         xhost +
> needed, assumed the OP want's to run a GUI app by another account? For
> Linux it is.

Please do not propagate the advice to use 'xhost +'.  It's a really bad
idea[*], along the lines of 'just chmod everything to world writable' --
letting just anyone connect to your X screen means that it becomes
trivially easy for an attacker to snoop on anything you're doing
including getting the text of any passwords you type in, etc. etc.

Read, mark, learn and inwardly digest the xauth(1) man page, for
learning how to grant the minimum necessary privilege is the first step
towards righteous security.


[*] Especially if your X server is network accessible, as it usually is
by default.

Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1036 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20140220/ae2597c3/attachment.sig>

More information about the freebsd-questions mailing list