About xhost security policies
danielsforummail at terra.com.br
Sat Jan 6 06:56:52 PST 2007
I am doing maintenance on a Java application that acts like a X client. This java application connects to the X
server over a TCP socket at 127.0.0.1:6000.
In order to have the X server accept the connection from my Java application, I discovered that first I have to
enable TCP connections (for example, by editing the fdm.conf file) and then run "xhost + localhost".
It is not clear why I have to run "xhost + localhost". If I set DISPLAY=127.0.0.1:0.0 and run xeyes, it appears
on my display _without_ need of "xhost + localhost". But running xeyes as another user on the same machine
requires again "xhost + localhost".
Asking netstat about the TCP connections, I discovered that they are similar for xeyes and the java app. I
suppose that the security verification checks the socket address and something else that I cannot figure out.
Is there some documentation or specification available online about the xhost authentication policy? Or does
someone have deeper knowledge about?
I have already tried googling around or searching the forums. Many people tell to run "xhost + localhost" or
simply "xhost +" because it works, but do not explain why, and I am very curious about and would appreciate
learning more about.
More information about the xorg