X security and using xhost + and xhost +localhost to allow kppp to be run by a user

[pac1@tiac.net]

I'm running a single user workstation.  I log in as an ordinary user and use kppp
to establish a connection with my ISP.  The most recent version of the distribution
I use tightened security in a number of places, and I had to start giving the
command xhost +localhost before running kppp. The new command was necessary because
X was complaining that root did not have privileges to create a window on my
display, which is owned by user pac1.

kppp apparently must run as root, and I log in as pac1.  kppp needing to run as
root caused its attempt to use the X server to display a window on my display to be
rejected.

The recommended solutions were to execute the commands

xhost +

or

xhost +localhost

I did some digging and found others with similar problems, and lots of advice about
the two commands shown above.   At the time, I was advised that xhost + without the
localhost would allow any host to control my x server and thus substitute their
keyboard and mouse events for mine, effectively taking over my system.   Using the
localhost prevents such actions except when the user is logged in to localhost.

While I use xhost +localhost, I don't know with any certainty if this is any more
or less secure than any other approach except xhost +, its just the only approach I
know at the moment.   Since no one but me can log in to my box, I'm not
particularly worried about the +localhost.  Should I be?

Anyway I'm looking for better answers.  I don't have much X security knowledge, and
I'm wondering if the "advice" I got was based on such knowlege, or was just
folklore,  information mixed with misinformation and partial information passed
around from person to person whenever a certain topic comes up in conversation.

Can anyone give a good detailed explanation or overview of the X security issues
here?  I think there are probably thousands of us who could use a good
comprehensive answer that explains in detail the hows and whys, and doesn't just
give the commands to "make things secure".

In particular,  I'd like a better knowlege of several things:

Why xhost + is not as secure as xhost +localhost

What are the the security issues are with xhost + and xhost +locahost and how these
issues could be exploited and addressed.  (I'm not going to be breaking into
anyone's system, but I would like to learn ways to prevent anyone from breaking
into mine.)

What better approaches to X security are there, and what strategies can be used to
secure programs like kppp which at the moment seems to require that it  run as
root, thus bringing up the X security issue in the first place.

A side issue:  How does pam fit into this.  When I run kppp, I get asked for the
root password each time by pam before the kppp application can start.  Is there a
secure way around this for a single user machine?

-Pat





--  
To UNSUBSCRIBE, email to ldp-discuss-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org