[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Can't use applications with su

On Sun, 26 Jan 1997 23:34:47 +0100 "Orn E. Hansen" 
(oe.hansen@halmstad.mail.telia.com) wrote:

> > While this admittedly works for most cases, you will lose e.g Exmh's 
> > background
> > processing capabilities which require an empty xhost list.
> > 
>   Actually, I'd like some explaining to this... personally, I don't
> consider fiddling with Xauthority between machines and possibly even sites
> to be a good idea... but rather as a temporary solution.
>   This action of exmh has annoyed me, several times, what is the logic
> behind it?

It's quite simple...
Every running Tk application can be sent an arbitrary command by anyone which has access to the X server on which the app is running. Look at the (3tk)send manpage.
As this can be a serious security hole, tk by default disable this feature when the xhost list is not empty (this is, you're not using xauth identification).
And exmh uses send to communicate with its children...


TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

Reply to: