On 13-12-06 19:18, Stefan Baur <newsgroups.mail2@stefanbaur.de> wrote:
> On 06.12.2013 18:44, Nick Ingegneri wrote:
>> Once it became apparent in our testing that exporting displays didn't work as expected, the system administrator who installed it went through the configuration files and documentation looking for a solution. He couldn't find one, so he escalated it to me to look into. If we hadn't been able to find a fix, it would have ruled out X2Go from further consideration, which would have been unfortunate as it is currently our leading choice for this particular need.
> In my opinion, Mike is a bit too customer-friendly here by turning your request into a wishlist item that lets every newbie shoot him-/herself in the foot, security-wise, by toggling a setting in the configuration. Sorry, but I've seen way too many people go "chmod 777 -R /*" as soon as something doesn't work as expected, and I'm fearing the same for an easily reachable option to allow TCP connections - because "xhost +" is the X/TCP equivalent of "chmod 777 -R /*" in the filesystem.
> Of course, everybody is free to shoot him-/herself in the foot, that's why it's Linux - but merely leaving a "this is dangerous" note next to the parameter is like sticking a tag "please don't use this unless you know what you're doing" on a loaded 12-gauge in a room full of toddlers.
There is one more aspect to this: If there is such a configuration option, then sooner or later the likes of Linux Mint will enable it by default for all their users, leaving them wide open to the whole world, despite all the warnings. They did that with 'xhost +'[0].
So I agree that even just having such an option hidden away somewhere would be very, very bad. It needs to be hard and a lot of work to break security or somebody will do it by default and deploy it on a wide scale.
Ciao,
Alexander Wuerstlein.