Re: [SLUG] Screensaver trick - poor security

From: Smitty (76543a@mpinet.net)
Date: Mon Jun 04 2001 - 10:20:59 EDT


There is a difference between running a screensaver with the
configuration set with the desktop utility and accessing it via the
command line with root privilege. The "server" in this case is the
directory where the screensaver resides, as evidenced by the error
message output when I attempted the screensaver trick. This is not an
authorized access on my box. The security risk is very evident to me -
an application is being accessed by unusual means. Something a cracker
would attempt. Not allowed here, Paul.
Smitty

Paul M Foster wrote:
>
> On Sun, Jun 03, 2001 at 03:07:16PM -0400, Smitty wrote:
>
> > This only works if your security configuration is low. A user cannot
> > connect to that server on my box. Anyone who can do that trick as a
> > user should evaluate the consequences of their security set-up.
> > Smitty
> >
> > >
> > > P.S.
> > > Thank you, Derek, for teaching me that cool screensaver/background trick.
> > > For any of you that weren't there, open up a console window and type the
> > > following:
> > >
> > > <path-to-screensaver> -root
> > >
>
> What server? The X server? I don't understand why a non-privileged user
> couldn't run a screensaver in their own X session. Nor what security
> risk this is.
>
> Paul



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 17:47:52 EDT