Re: Bug#44109: root access to xserver
Branden Robinson wrote:
> > I just saw no reason to disallow (e.g. not to
I'm sorry, I meant i.e., not e.g.
> > allow by default) root to connect to the xserver of "its" machine. And
> > it really annoys me and I'm sure there are a lot of newbies who feel the
> > same.
> It's not a matter of being explicitly disallowed.
I know.
[Explanation about X security]
I think you have a false impression of me. Although I've been using *ix for just
half a year, I don't see myself as a newbie. I know very well the
security implications of X networking.
> > The reason I formulated the enhancement request (which bug #44109 really is)
> > as a question was that I wasn't sure if I was missing something. But you
> > acknowledged that there's no real security risk. So, my initial
> > question remains to be answered.
> Well, for one thing, bug 44019 should have been filed with "Severity:
> wishlist".
Agreed.
> I have reviewed the mails I sent you and do not see where I said "there's
> no security risk." A user doesn't really have any expectation of security
> or privacy on a machine where he or she is not also the administrator.
Message-ID: <19990906015232.A23581@ecn.purdue.edu>
>> How should the (in the FAQ) proposed XAUTH-solution be a security
>> problem?
>It isn't (well, there are ways you can get careless with it, but...).
> You apparently feel that some kind
> of hackery should be placed by DEFAULT into the root startup scripts that
> permit this kind of thing.
Yes.
I think the (in the FAQ) proposed XAUTH-solution should be the default.
> I disagree. Your system is yours and you may
> customize it as you please; but you cannot reasonably expect your
> preferences to be shared by all other users of Debian.
> It's simply part of Debian's philosophy to provide the user and system
> administrator with as customizable an environment as possible. Sometimes
> this means requiring novices to learn a thing or two rather than forcing
> experts to forget everything they ever knew. Debian caters to both
> audiences, and compromises must inevitably be struck.
It's not the problem that I don't want to customize the system. The
opposite is true: I'm using free OSes exactly for that reason.
This thing really annoys me, but I filed that bug report because I
think it's the case for a lot of people, and I still don't see any
reason why this shouldn't be the default.
Why should "experts" want root not to be able to connect to the local X
server? Even on a multiuser system, there's no security problem, since
root can connect whenever it wants to.
> > If you still feel this is a waste of your time and don't answer (feel
> > free to do so), I'll forward this msg to debian-user.
> If you don't understand what I'm saying or why, please do.
Added debian-user to recipient list.
--
Ben Bucksch
http://www.bucksch.com