From: Jerker Nyberg (jerker_at_update.uu.se)
Date: Sun 02 Nov 2003 - 13:37:15 GMT
The easy answer is not to let untrusted applications connect to your
X-server... Run xterm locally and connect with no X-forwarding with ssh to
each vserver. But that does not answer your question.
It is possible to run some applications untrusted. Read "man xauth" and
search for "untrusted". This seem to work. Test with "xwininfo".
cp ~/.Xauthority ~/.XauthorityUntrusted
xauth generate $DISPLAY
But this does not work for many applications. One solution for them is to
use Xnest or Xvnc.
On Sun, 2 Nov 2003, GT wrote:
> I wondered how it is possible to keep two vservers from keylogging each
> others root-passwords when entered in an xterm.
> Assuming two xterms are running under the same Xserver, each called
> from one of the two vservers.
> Even with recent Xservers it is very simple to log an password entered
> at the "su -" prompt.
> Vserver mailing list
Vserver mailing list