[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-core-devel
Subject: Re: kdesu in KRASH
From: Geert Jansen <g.t.jansen () stud ! tue ! nl>
Date: 1999-09-22 21:22:04
[Download RAW message or body]
David Faure wrote:
> Perhaps you can comment on the following bug report I got recently, and which
> is very related :
>
> Package: kfm
> Version: 1.1.2
>
> kfmsu2 calls "xhost +local:", which is insecure.
>
> I suggest setting the XAUTHORITY environment for root to that of the user's to
> securely give root access to the display:
>
> Remove "xhost +local:" and change su:
>
> su - root -c "XAUTHORITY=$HOME/.Xauthority; DISPLAY=$DISPLAY; \
> export XAUTHORITY DISPLAY; $kfm -sw >/dev/null"
>
> I am using both Debian Slink and Redhat 6.0 with updates.
The bugreport is right :) In kdesu, I use almost the same mechanism as this
user is suggesting. The only difference is that I create a new .Xauthority
instead of using the user's.
Greetings,
--
Geert Jansen email: <g.t.jansen at stud.tue.nl>
Phylosopher, Physicist PGP key ID: 0xD2B5E7CE
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic