Default local auth policy

James Cloos cloos at jhcloos.com
Sat Mar 14 10:50:18 PDT 2009


>>>>> "Adam" == Adam Jackson <ajax at nwnk.net> writes:

Adam> Currently, if you start X without -ac and without -auth,
Adam> the default connection policy is to allow connections from
Adam> localhost. ...

Adam> I'd like to see a mode where the default policy is effectively
Adam> +si:localuser:`id -un`, which would allow connections only from
Adam> the uid that started the server.

Adam> cookies have to get stored on disk somewhere which sucks for NFS ...

While I disagree that storing cookies in $HOME ‘sucks for NFS’, I very
much agree that a server started w/o -ac and -auth should do exactly
what Adam proposes: allow connections, by default, only from the
starting UID and only from localhost.

When -auth is specified, it should work as it currently does.

Which leaves the interesting question of what should happen if -auth
is not specified, but -ac is?

Not to mention whether -nolisten tcp also should be the default?
Or perhaps the default only w/o -ac and -auth?

-JimC
-- 
James Cloos <cloos at jhcloos.com>         OpenPGP: 1024D/ED7DAEA6

