Create a *real* top level window

[Timo Juhani Lindfors]

Carsten Haitzler (The Rasterman) <raster at rasterman.com> writes:
> logged in user is king. you'd have to modify the xserver itself to have such a
> separation and provide a back-channel that can only be accessed by root to
> implement what you want. reality otherwise is that any x client can kill off

Thank you, this discussion inspired me to write a hack. The basic idea
is that Xorg listens on /tmp/.X11-unix/X1 instead of /X0 and a socat
process proxies traffic from /X0 to /X1. When the SAK key is hit, root
can kill -STOP socat to prevent the X clients of the normal user from
interfering. root can then run X applications that talk directly to
/X1.

1) In /etc/X11/xdm/Xservers I replaced

:0 local /usr/bin/X :0 vt7 -nolisten tcp

with

:0 local /usr/local/bin/sido-X :1 vt8 -nolisten tcp

2) I created /usr/local/bin/sido-X with

#!/bin/sh
killall socat
killall -9 socat
(sleep 10; socat -lm UNIX-LISTEN:/tmp/.X11-unix/X0,fork,mode=777 UNIX-CONNECT:/tmp/.X11-unix/X1) &
exec Xorg "$@"

3) I configured xsakd to run sido-sign-sak when ctrl-alt-del is
hit. sido-sign-sak does

#!/bin/sh
function get_window_list() {
XAUTHORITY=$auth DISPLAY=:1 xwininfo -tree -root|grep '('|cut -d'(' -f1|awk '{print $1}'|grep ^0x
}

killall -STOP socat
t=$(mktemp)
auth=$(ps -eocmd | grep " :1 " | grep ^Xorg | tr ' ' '\n' |grep ^/var/)

get_window_list > $t
XAUTHORITY=$auth DISPLAY=:1 xterm -name SAK -title SAK -bg red -fg black -e /usr/lib/sido/sido-sign &
pid=$!
sleep 1
t2=$(mktemp)
get_window_list > $t2
# XAUTHORITY=$auth DISPLAY=:1 xvkbd &
# XAUTHORITY=$auth DISPLAY=:1 xwininfo -tree -root
for w in $(sort -nr $t $t2 | uniq -u); do
    XAUTHORITY=$auth DISPLAY=:1 show-window $w
done
wait $pid

killall -CONT socat

3) show-window is just a quick'n'dirty helper application to make the
xterm visible:

// gcc show-window.c -o show-window -lX11 -Wall -g
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <assert.h>
#include <X11/Xlib.h>
#include <X11/Xlibint.h>

int main(int argc, char *argv[]) {
    int ret;
    Display *dpy;
    XSetWindowAttributes attr;
    unsigned long window;

    assert(argc == 2);
    window = strtoul(argv[1], NULL, 16);
    assert(window > 0);
    
    dpy = XOpenDisplay(NULL);
    assert(dpy);

    attr.override_redirect = True;
    ret = XChangeWindowAttributes(dpy,
                                  window,
                                  CWOverrideRedirect,
                                  &attr);
    assert(ret);

    ret = XMapWindow(dpy,
                     window);
    assert(ret);

    ret = XRaiseWindow(dpy,
                       window);
    assert(ret);

    ret = XMoveResizeWindow(dpy,
                            window,
                            152,
                            81,
                            702,
                            411);
    assert(ret);

    ret = XSetInputFocus(dpy,
                         window,
                         RevertToParent,
                         CurrentTime);
    assert(ret);
    
    XCloseDisplay(dpy);
    
    
    return 0;
}

Is this a sound approach in general? I know that even when socat is
stopped normal X clients can still use shm to affect the contents of
the screen.