[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: X authentication and su (Re: changing framebuffer device owner during login)

Previously Joost Kooij wrote:
> luser> xauth list
> [lines with stuff, copy the "unix" one for your local display]
> luser> su - paranoid
> password:
> paranoid> export DISPLAY=:0
> paranoid> xauth add [now paste that line you just copied here]
> paranoid> /usr/bin/X11/untrusted-binary &

If it is indeed an untrusted binary you don't want it to be able to
chat with your X display anyway since it could immediately grab
another open window and start inserting commands in that. The
proper strategy is to run Xnest and run the application in that


 /       Nothing is fool-proof to a sufficiently talented fool     \
| wichert@wiggy.net                   http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |

Reply to: