Securing Xvfb on a multi-user system
billy_wilson at byu.edu
Tue Jan 13 14:22:45 PST 2015
I have a question about using Xvfb securely on a multi-user system. We
are currently using xorg-x11-server-Xvfb-1.10.4-6.el6.x86_64. Our main
reason for using Xvfb is to accommodate one of our users, whose
scientific computing software requires an X server for some reason.
My concern is that if the non-privileged user runs the following: `Xvfb
:1 -screen 0 800x600x24+1`
Any user on the system is able to export DISPLAY=:1 and run programs
that connect to his dummy X server. I'm aware of auth file and xhost
mechanisms for access control, but I was wondering how I can have Xvfb
restrict connections strictly to the user, by default.
In other words: How can I prevent an uninformed user from using the Xvfb
defaults and opening X to the world?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the xorg