
Re: Bug#44109: root access to xserver



Branden Robinson wrote:
> > I just saw no reason to disallow (e.g. not to

I'm sorry, I meant i.e., not e.g.

> > allow by default) root to connect to the xserver of "its" machine. And
> > it really annoys me and I'm sure, there're a lot of newbies who feel the
> > same.

> It's not a matter of being explicitly disallowed.

I know.

[Explanation about X security]

I think, you have a false impression of me. Although I'm using *ix just
half a year, I don't see myself as a newbie. I know very well the
security implications of X networking.

> > The reason, I formulated the enhancement request (bug #44109 really is)
> > as a question, was, that I wasn't sure if I miss something. But you
> > acknowledged, that there's no real security risk. So, my initial
> > question remains to be answered.
> Well, for one thing, bug 44019 should have been filed with "Severity:
> wishlist".

Agreed.

> I have reviewed the mails I sent you and do not see where I said "there's
> no security risk."  A user doesn't really have any expectation of security
> or privacy on a machine where he or she is not also the administrator.

Message-ID: <19990906015232.A23581@ecn.purdue.edu>
>> How should the (in the FAQ) proposed XAUTH-solution be a security
>> problem?
>It isn't (well, there are ways you can get careless with it, but...).

> You apparently feel that some kind
> of hackery should be placed by DEFAULT into the root startup scripts that
> permit this kind of thing.

Yes.
I think the (in the FAQ) proposed XAUTH-solution should be the default.

> I disagree.  Your system is yours and you may
> customize it as you please; but you cannot reasonably expect your
> preferences to be shared by all other users of Debian.
> It's simply part of Debian's philosophy to provide the user and system
> administrator with as customizable an environment as possible.  Sometimes
> this means requiring novices to learn a thing or two rather than forcing
> experts to forget everything they ever knew.  Debian caters to both
> audiences, and compromises must inevitably be struck.

It's not the problem, that I don't want to customize the system. The
opposite is true: I'm using free OSes exactly for that reason.
This thing really annoys me, but I filed that bug-report, because I
think, it's the case for a lot of people and I still don't see any
reason, why this shouldn't be the default.

Why should "experts" want root not to be able to connect to the local X
server? Even on a multiuser system, there's no security problem, since
root can connect whenever it wants to.

> > If you still feel, this is a waste of your time and don't answer (feel
> > free to do so), I'll forward this msg to debian-user.
> If you don't understand what I'm saying or why, please do.

Added debian-user to recipient list.

--
Ben Bucksch
http://www.bucksch.com

