Re: KDE2 X display security
On Saturday July 28 2001 14:05, Ross Boylan wrote:
> I'm looking for a configuration file setting so that I won't need to
> type that command every time I start.
>
> On Sat, Jul 28, 2001 at 03:55:36PM +0200, Philipp Lehman wrote:
> > On Sat, 28 Jul 2001, Ross Boylan <RossBoylan@stanfordalumni.org> wrote:
> > >If I change to a regular terminal and do xhost + then the emacs & as
> > >root works.
> >
> > Are you looking for "xhost +local:"?
> >
> > --
> > Philipp Lehman <lehman@gmx.net>
I use the attached script to do this. I can't remember the source, but I read
an article that explained why using "xhost +local:" was bad from a security
POV. That's where I got this script from. It is lacking in one aspect - It
does not remove X-display permissions for the other user once he logs out. I
call this script "xsu".
Anyway, the usage is quite elementary:
xsu clientuser command
e.g.,
$ cd /usr/src/linux
$ xsu root 'make xconfig &'
$
-Andy
================= begin file================================
#!/bin/sh
if [ $# -lt 2 ]
then echo "usage: `basename $0` clientuser command" >&2
exit 2
fi
CLIENTUSER="$1"
shift
# FD 4 becomes stdin too
exec 4>&0
xauth list "$DISPLAY" | sed -e 's/^/add /' | {
# FD 3 becomes xauth output
# FD 0 becomes stdin again
# FD 4 is closed
exec 3>&0 0>&4 4>&-
exec su - "$CLIENTUSER" -c \
"xauth -q <&3
exec env DISPLAY='$DISPLAY' "'"$SHELL"'" -c '$*' 3>&-"
}
==================== end file================================
Reply to: