4/26/93 (new feature) Implemented security check for "send" as proposed
by Bennett Todd: incoming sends are now rejected unless (a) xhost-style
access control is enabled and (b) the list of authorized hosts is
empty. In other words, you have to use xauth to use send. This feature
can be disabled by setting the TK_NO_SECURITY flag at compile-time.
The Tk people claim to have fixed this in the tk8.5 branch:
To reproduce: start exmh and activate under "Preferences" in "Background Processing" the "Separate background process" option and one of the "Background processing" options (e.g., flist).
These "xhost +si:localuser:..." settings have also caused problems to Tk users on RedHat/Fedora systems in the past:
https:/ /bugzilla. redhat. com/show_ bug.cgi? id=349071 /partner- bugzilla. redhat. com/show_ bug.cgi? id=216236
https:/
It all goes back to the Tk changes entry
4/26/93 (new feature) Implemented security check for "send" as proposed
by Bennett Todd: incoming sends are now rejected unless (a) xhost-style
access control is enabled and (b) the list of authorized hosts is
empty. In other words, you have to use xauth to use send. This feature
can be disabled by setting the TK_NO_SECURITY flag at compile-time.
The Tk people claim to have fixed this in the tk8.5 branch:
https:/ /sourceforge. net/tracker/ index.php? func=detail& aid=1909931& group_id= 12997&atid= 112997
So I wonder why Ubuntu 10.4 is still affected ...
To reproduce: start exmh and activate under "Preferences" in "Background Processing" the "Separate background process" option and one of the "Background processing" options (e.g., flist).