
Re: X authentication and su (Re: changing framebuffer device owner during login)



On Sat, Jun 30, 2001 at 05:06:12PM -0700, Francois Gouget wrote:

> On Sun, 1 Jul 2001, Herbert Xu wrote:
> 
> > Matt Zimmerman <mdz@debian.org> wrote:
> > 
> > > introduce a dependency on X by using the library routines.  Does anyone
> > > know how to get xauth to cooperate, or am I stuck using a temporary file?
> > 
> > Would /dev/stdout work?
> 
>    It does not work: xauth tries to lock /dev/stdout and fails:
> 
> $ xauth -f /dev/stdout generate $DISPLAY . untrusted timeout 10
> xauth: timeout in locking authority file /dev/stdout

Yes, I tried this.

>    The problem is xauth expects this file to be in the .Xauthority format and
>    thus I guess it tries to lock it, read it and rewrite it to add the new
>    cookie. Maybe the intention was that user X would directly add the cookie
>    to user Y's .Xauthority file but of course it cannot work because of the
>    access right issues. Even if X were root it would not work because root
>    would end up owning Y's file.

I think the intention is to store the cookie in a file, which could then be
shipped around by other means.  Unfortunately, writing it to the user's current
~/.Xauthority will cause the trusted cookie to be overwritten, as it seems
unable (or unwilling) to hold multiple cookies for a given display.  Even if
that worked, I don't think xauth generate outputs enough information to allow
an application to fetch the right cookie once it is written.

>    What's needed is for xauth to output the generated cookie in
>    extract/nextract or list mode. Then it makes sense to send it to stdout.
>    But how would you choose the output format, I'm not sure. Or maybe '-f'
>    should mean read from stdin and write to stdout. Then you would do:

Yes, that is what I would like it to do.  As for the output format, I would
settle for binary, but the whole nextract/extract nlist/list nmerge/merge
mechanism should be replaced with a -format flag or some such.

I guess I'll have to add an autoconf test for mkstemp (tmpfile won't work here,
obviously) and use a temporary file.  Blecch.

-- 
 - mdz
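
The temporary-file approach the message settles on, as an added C example (not code from this thread or from the poster's program). The function names and the `/tmp/xauth-gen.XXXXXX` template are hypothetical, and it assumes `xauth` is on `PATH` and treats an empty file as an authority file with no entries.

```c
#define _XOPEN_SOURCE 700
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/wait.h>

/* Create an empty authority file that only the caller can read or write.
 * mkstemp() opens with O_CREAT|O_EXCL, so nobody can pre-create the name.
 * tmpfile() is no use here: its file has no name to pass to "xauth -f". */
int make_auth_tempfile(char *path, size_t len)
{
    static const char tmpl[] = "/tmp/xauth-gen.XXXXXX"; /* hypothetical name */
    mode_t old;
    int fd;

    if (len < sizeof tmpl)
        return -1;
    memcpy(path, tmpl, sizeof tmpl);
    old = umask(077);            /* some old libcs did not force mode 0600 */
    fd = mkstemp(path);
    umask(old);
    if (fd < 0)
        return -1;
    close(fd);                   /* xauth reopens the file by name */
    return 0;
}

/* Run the command quoted in the thread against that file, without a shell.
 * Returns xauth's exit status (127 if exec failed), or -1 on error. */
int xauth_generate(const char *path, const char *display)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        execlp("xauth", "xauth", "-f", path, "generate", display, ".",
               "untrusted", "timeout", "10", (char *)NULL);
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

The caller should `unlink()` the path as soon as the cookie has been read back, since the file holds a live credential for the display.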


