
List:       kde-core-devel
Subject:    Re: kdesu in KRASH
From:       Geert Jansen <g.t.jansen () stud ! tue ! nl>
Date:       1999-09-22 21:22:04

David Faure wrote:

> Perhaps you can comment on the following bug report I got recently, which
> is very related:
> 
> Package: kfm
> Version: 1.1.2
>  
> kfmsu2 calls "xhost +local:", which is insecure.
>  
> I suggest setting the XAUTHORITY environment for root to that of the user's to
> securely give root access to the display:
>  
> Remove "xhost +local:" and change su:
>  
> su - root -c "XAUTHORITY=$HOME/.Xauthority; DISPLAY=$DISPLAY; \
>     export XAUTHORITY DISPLAY; $kfm -sw >/dev/null"
>  
> I am using both Debian Slink and Redhat 6.0 with updates.  

The bug report is right :) In kdesu, I use almost the same mechanism as this
user is suggesting. The only difference is that I create a new .Xauthority
instead of using the user's.

Greetings,
-- 
    Geert Jansen                       email: <g.t.jansen at stud.tue.nl>
    Phylosopher, Physicist                        PGP key ID: 0xD2B5E7CE
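
The mechanism discussed in this message (a new authority file rather than `xhost +local:` or the user's own `.Xauthority`), as an added shell example; it is not kdesu's code and not part of the original e-mail. The function names are hypothetical, and it assumes the standard `xauth`, `xhost`, `mktemp` and `awk` tools.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not taken from kdesu or kfmsu2.

# Reads `xhost` output on stdin. Succeeds (exit 0) if the display is open to
# every local user: access control is disabled, or a LOCAL: entry is present
# (which is what "xhost +local:" leaves behind).
xhost_open_to_local() {
    awk '
        /^access control disabled/ { found = 1 }
        /^LOCAL:[ \t]*$/           { found = 1 }
        END { exit(found ? 0 : 1) }
    '
}

# Creates a new authority file that holds only the cookie for display $1 and
# prints its path. No other entry from the user's ~/.Xauthority is copied.
# The body runs in a subshell so the umask change does not leak to the caller.
make_private_xauth() (
    umask 077                                   # file stays private (0600)
    newauth=$(mktemp "${TMPDIR:-/tmp}/xauth.XXXXXX") || exit 1
    # "extract -" writes the matching entry to stdout, "merge -" reads stdin.
    xauth extract - "$1" | xauth -f "$newauth" merge - \
        || { rm -f "$newauth"; exit 1; }
    # An empty file means no cookie was found for this display: give up.
    [ -s "$newauth" ] || { rm -f "$newauth"; exit 1; }
    printf '%s\n' "$newauth"
)

# Usage on a running X session:
#   xhost | xhost_open_to_local && echo "display is open to all local users"
#   auth=$(make_private_xauth "$DISPLAY")
# then pass "$auth" as XAUTHORITY in the su command, in place of
# $HOME/.Xauthority as in the bug report, and remove the file afterwards.
```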
