Feb 222014

… here’s how to decrease the security of your mac….

It was one of those situations that are hard to explain, but I wanted to execute an X program on a remote system and have it show up on my Mac’s screen WITHOUT using ssh. This was on Snow Leopard with the XQuartz X server, but probably similar in most macs.

Back in the age of dinosaurs you could just do “xhost +” (for complete suicide) or “xhost +ip-addr-or-hostname” to allow specific hosts to connect to your system (when XQuartz is installed xhost and its friends are located in /opt/X11/bin/ by default.) Even if you do this, however, OS X by default doesn’t listen to the network; to really kill your security you have to modify /opt/X11/bin/startx – on mine it’s line 111 or so, you’ll see 3 lines:

if [ x`defaults read $X11_PREFS_DOMAIN nolisten_tcp` = x1 ] ; then
defaultserverargs="$defaultserverargs -nolisten tcp"

Kill the “-nolisten tcp” bit, so it looks like:

if [ x`defaults read $X11_PREFS_DOMAIN nolisten_tcp` = x1 ] ; then

(Alternately set the environ variable.)

Change the file, restart the X server, and you’re good to go. Just turn this off when you’re done :)

Just in case anyone else is feeling their security is too good, or need a hack like I did.

(Using xhost is generally a bad idea, security-wise, but sometimes you just have to do what’s necessary to do the job.)

It really is amazing how long X11 has been around – almost 30 years (thanks for the correction, I had 20 earlier!), as of this writing, with no end in sight.

X windows from wiki


Sorry, the comment form is closed at this time.