16.6 The (in)security of the X-window system
X was designed in the 1980s, when few people were thinking seriously
about security. By 80s standards, X is quite conscientious.
Every time a client window makes a connection to a server
elsewhere on the network, some authentication must occur.
16.6.1. Why You Should Never Use xhost or xauth
However, the two most common methods of authentication are seriously
flawed. The first uses coarse-grained host control, whereby any user
on a trusted host can pop up windows on the X server in question.
This command for this method is xhost. The second method
uses a simple shared-secret system, where the secret is a randomly
generated number. Secrets, or "magic cookies", are generated with
the command mcookie, and merged into an access-control file
on both machines using xauth. The problem with this method
is that the cookie must somehow pass over the network to appear in
both machines' files. Thus it ceases to be a secret.
16.6.2. Use SSH Instead
For these reasons, you should never use xhost or xauth.
Instead, use the much easier security built into ssh. Simply
open an ssh connection to the remote machine and run the X
program you want to display. ssh automatically performs
authentication and encryption. This is called X forwarding.
It works even if you ssh to one machine and then ssh
from it into another machine. The encyption increases network
traffic and puts an extra computational load on both machines,
but they are well worth the security bought in return.