Re: xhost

From: Alan Coopersmith (
Date: 05/29/02

Date: Wed, 29 May 2002 12:23:06 -0700
From: Alan Coopersmith <>
To: "Small, Jim" <>

On Wed, May 29, 2002 at 09:30:51AM -0400, Small, Jim wrote:
> I am working on a security solution for a network of Solaris servers (7 and
> 8). The network is periodically scanned for vulnerabilities. The problem
> is system admins keep using "xhost +" from their CDE session so they can
> display xclients from other servers. Needless to say, no matter how many
> times I admonish them not to use xhost +, they do anyway.
> I need to prevent the possibility of someone doing an xhost +, even if they
> are root. The only solution I can think of is to delete the xhost command,
> and put a script in that notifies admins that its use is forbidden.
> Of course it would be better to use secure RPC (or one of the other secure
> methods in Xsecurity(7), but I have not found a way to implement secure RPC
> without using xhost. For example, in order to use secure RPC, you have to
> do something such as:
> xhost nis:user@localnisdom, you then use xauth and can connect to the X
> server.

I see three solutions:
1) Tell the admins xhost + is forbidden by security policy and they will
   be fired if they do it, then follow through. Eventually they should
2) xhost source is publically available from, so you could compile
   a version that only supports secure RPC and disallows xhost +. Of
   course, the admins could also do this to get around you, but that
   goes back to #1.
3) Upgrade to Solaris 9 and start Xservers with "-nolisten tcp" so that
   their only choice for remote connections is using ssh. Again, if
   they have root they can edit the command line options and restart,
   but that goes back to #1.

Alan Coopersmith
http://soar.Berkeley.EDU/~alanc/ aka: Alan.Coopersmith@Sun.COM
  Working for, but definitely not speaking for, Sun Microsystems, Inc.