Five years ago I wrote xhost+ is a huge security hole, I turned out red this morning when my neighbour sent me a smiley via X.
Do I really want everyone to have full access to my screen? No, I don’t. And I don’t do xhost+.
So why did it happen to me ???
I am using X-Window Attachmate aka Reflection X. And in this tool, according to the doc, the default X policy is unrestricted. This is in my opinion a huge flaw in the security design. Make sure you always change this to something more secure.
In Reflection X Manager Settings, Category Security, choose for instance User-based security and Prompt. Configuring X Cookies is probably more cumbersome.
Then when you or someone else will start an XTERM on your desktop, you will get a nice dialog box :
Client could not successfully authenticate itself to Reflection X server. Would you like Reflection X to connect to this client as an UNTRUSTED client ? Client originated from 192.168.0.1 (RX1303)
Ok, I have to click one more button, but at least I can deny access to my screen 🙂