Disabling RECORD by default
Adam Jackson
ajax at nwnk.net
Mon Jun 20 17:36:27 UTC 2016
On Tue, 2016-06-14 at 23:41 -0700, Keith Packard wrote:
> The alternative would be to use separate X authorization data, but
> unless that is protected in the file system from access by the normal
> user, it offers no actual security. Hence, any program needing the
> 'magic' X authorization data would need to be setuid/setgid anyways. So
> we might as well simplify life by just directly checking for the special
> uid or gid.
Does this imply that XDMCP users don't deserve accessibility, since we
can't get a peer gid from a TCP socket? Seems suboptimal.
- ajax
More information about the xorg-devel
mailing list