Re: Can't use applications with su

To: oe.hansen@halmstad.mail.telia.com
Cc: Siggy Brentrup <bsb@uni-muenster.de>, debian-devel@lists.debian.org
Subject: Re: Can't use applications with su
From: Philippe Troin <phil@fifi.org>
Date: Sun, 26 Jan 1997 22:02:04 -0800
Message-id: <[🔎] 199701270602.WAA27015@tantale.fifi.org>
In-reply-to: Your message of "Sun, 26 Jan 1997 23:34:47 +0100." <[🔎] 199701262234.XAA29120@oehansen.telia.com>

On Sun, 26 Jan 1997 23:34:47 +0100 "Orn E. Hansen" 
(oe.hansen@halmstad.mail.telia.com) wrote:

> > While this admittedly works for most cases, you will lose e.g Exmh's 
> > background
> > processing capabilities which require an empty xhost list.
> > 
>   Actually, I'd like some explaining to this... personally, I don't
> consider fiddling with Xauthority between machines and possibly even sites
> to be a good idea... but rather as a temporary solution.
> 
>   This action of exmh has annoyed me, several times, what is the logic
> behind it?

It's quite simple...
Every running Tk application can be sent an arbitrary command by anyone which has access to the X server on which the app is running. Look at the (3tk)send manpage.
As this can be a serious security hole, tk by default disable this feature when the xhost list is not empty (this is, you're not using xauth identification).
And exmh uses send to communicate with its children...

Phil.

--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

Reply to:

References:
- Re: Can't use applications with su
  - From: "Orn E. Hansen" <oe.hansen@halmstad.mail.telia.com>

Prev by Date: no final newline in source package: how to deal with this?
Next by Date: Re: Simple solution to pre-installation configuration
Previous by thread: Re: Can't use applications with su
Next by thread: Re: Can't use applications with su
Index(es):
- Date
- Thread