[PATCH xinit 2/2] startx: Make startx auto display select work with per user /tmp dirs
Julien Cristau
jcristau at debian.org
Wed Mar 25 14:45:13 PDT 2015
On Wed, Mar 25, 2015 at 09:15:12 -0400, Ray Strode wrote:
> Hi,
>
> > Now, I've tried to avoid anything xauth-related, but from the little I know:
> > to support displayfd in startx you'd have to communicate back to startx
> > about the $DISPLAY and do the xauth dance before continuing with the xinit
> > initial client connection. AFAICT, that's the tricky bit about -displayfd
> > support in startx. Does that make sense or am I way off here?
> Sending $DISPLAY back to startx isn't actually an option since $DISPLAY
> comes from the X server, and the auth file has to be prepared before
> starting the X server.
> If you start the X server without the auth file then the X server will
> get started wide open to anyone on the host. Sure you could lock it down
> at that point, but then there's a race where anyone could open the
> display and snoop from then on.
>
I ran into this when trying to make our xvfb-run wrapper use
-displayfd; would be nice if we can fix this. Maybe by making the
server consider an empty -auth file as "nobody allowed" instead of
"everybody allowed"?
Julien
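
Added example, not part of the original message and not code from xinit or xvfb-run: a pre-flight check a wrapper could run on the file it is about to pass to the server's -auth option, so that the empty-file case discussed above is caught before the server starts. The function names and the sample record are constructed for illustration; the record layout assumed is the standard Xauthority one (big-endian family followed by four length-prefixed strings).

```python
import os
import stat
import struct

FAMILY_LOCAL = 256  # FamilyLocal value used in Xauthority records
COOKIE = b"MIT-MAGIC-COOKIE-1"

def parse_xauthority(blob):
    """Parse Xauthority bytes: u16 family, then four u16-length-prefixed
    strings (address, display number, auth name, auth data), big-endian."""
    entries, pos = [], 0
    while pos < len(blob):
        fields = []
        if pos + 2 > len(blob):
            raise ValueError("truncated entry")
        (family,) = struct.unpack_from(">H", blob, pos)
        pos += 2
        for _ in range(4):
            if pos + 2 > len(blob):
                raise ValueError("truncated entry")
            (n,) = struct.unpack_from(">H", blob, pos)
            pos += 2
            if pos + n > len(blob):
                raise ValueError("truncated entry")
            fields.append(blob[pos:pos + n])
            pos += n
        entries.append((family, *fields))
    return entries

def make_entry(number, cookie, host=b"localhost"):
    """Build one record (helper for constructed sample data only)."""
    def counted(b):
        return struct.pack(">H", len(b)) + b
    return (struct.pack(">H", FAMILY_LOCAL) + counted(host) + counted(number)
            + counted(COOKIE) + counted(cookie))

def auth_file_problems(path):
    """Return reasons this file should not be handed to the server's -auth."""
    problems = []
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        problems.append("readable or writable by group/other")
    with open(path, "rb") as f:
        entries = parse_xauthority(f.read())
    # An empty file, or one with no cookie data, gives the server nothing to enforce.
    if not any(name == COOKIE and data for _, _, _, name, data in entries):
        problems.append("no usable cookie (empty auth file)")
    return problems
```

A wrapper would refuse to launch the server unless `auth_file_problems()` returns an empty list.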