[12015] in bugtraq
Sun recommends users run 'xhost +' in StarOffice FAQ
daemon@ATHENA.MIT.EDU (PinkFreud)
Mon Sep 27 15:23:37 1999
Message-Id: <Pine.LNX.3.96.990926145636.26189C-100000@orodruin.mirkwood.net>
Date: Sun, 26 Sep 1999 15:16:50 -0400
Reply-To: PinkFreud <pinkfreud@ORODRUIN.MIRKWOOD.NET>
From: PinkFreud <pinkfreud@ORODRUIN.MIRKWOOD.NET>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM

Now that Sun has bought the creators of StarOffice, they have taken over
support of the product. This support, unsurprisingly, includes FAQs on
their website. While perusing the online documentation recently, I came
across the following Q+A, located at:

http://www.sun.com/products/staroffice/techfaq-unix.html

    During a network installation, setup was carried out on the
    server under root with /NET parameter, followed by a log-in on
    the server via user name and by starting setup from the bin
    directory. Nothing happened. What is the problem? SuSE 6.0.
    The user version shall be installed on the server as well.

    This problem may be due to the fact that an X application is not
    permitted to run on an X belonging to another user. You should try the
    following: 'xhost +' and then 'export DISPLAY=:0.0' in the shell from
    which you would like to start the setup. Otherwise we recommend
    referring to the man pages 'man xhost' and 'man xauth'.

While specifying 'xhost +' may be an easy way of solving a permission
problem, it's also a large security risk, as it disables all security for
the X server it's run on. Considering that the majority of people who are
having that difficulty are probably fairly new to Linux, and *nix in
general, most will probably blindly take Sun's suggestion, and disable
security on their X server until they wind up restarting it.

I'm sure most of us know what can be done on an X server without security,
so I won't go into that.

Sun has been notified of this issue via their website - as of yet, I have
not received a response from them.

Mike (PinkFreud) @ Mirkwood.Net
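
A check for the state that 'xhost +' leaves behind, as an added example that is not part of the original post: it classifies `xhost` output and prints per-user alternatives based on the `xhost` and `xauth` tools the FAQ points to. The account name `staruser`, the host `build01.example.net` and the sample outputs are constructed assumptions.

```shell
#!/bin/sh
# Added example. Classifies `xhost` output read from stdin.
# Exit status: 0 = per-user entries only, 1 = broad entries, 2 = access control off.
audit_xhost() {
    rc=0
    while IFS= read -r line; do
        case "$line" in
            "access control disabled"*)
                echo "CRITICAL: access control disabled, the state 'xhost +' leaves"
                rc=2 ;;
            "access control enabled"*|"") ;;
            SI:localuser:*)
                echo "OK: entry limited to one local user: $line" ;;
            *)
                echo "WARN: entry not limited to one user: $line"
                if [ "$rc" -lt 1 ]; then rc=1; fi ;;
        esac
    done
    return "$rc"
}

# Prints per-user alternatives to 'xhost +' for the FAQ's scenario.
# $1 is the account that needs to start setup (hypothetical name in the demo).
suggest_fix() {
    cat <<EOF
xhost -                                  # turn access control back on
xauth extract - "\$DISPLAY" | su - $1 -c 'xauth merge -'   # hand over the cookie
xhost +si:localuser:$1                   # or, on servers with server-interpreted entries
EOF
}

# Constructed samples of `xhost` output (not captured from a real host).
SAMPLE_OPEN='access control disabled, clients can connect from any host
INET:build01.example.net'
SAMPLE_SCOPED='access control enabled, only authorized clients can connect
SI:localuser:staruser'
SAMPLE_HOST='access control enabled, only authorized clients can connect
INET:build01.example.net'

for sample in "$SAMPLE_OPEN" "$SAMPLE_SCOPED" "$SAMPLE_HOST"; do
    printf '%s\n' "$sample" | audit_xhost || echo "exit status $?"
    echo "--"
done
suggest_fix staruser
```

On a live display the same function can be fed directly with `xhost | audit_xhost`.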