RE: Newbee-ish X and root question
> -----Original Message-----
> From: Vineet Kumar [mailto:debian-user@virtual.doorstop.net]
> Sent: Tuesday, March 25, 2003 2:12 PM
> To: debian-user@lists.debian.org
> Subject: Re: Newbee-ish X and root question
>
>
> Two things. Environment variables, to be precise. The two
> in question
> are DISPLAY and XAUTHORITY. The former tells X clients where the
> display is (after all, it could be another X server on this
> machine, or
> another machine entirely ... it s X after all =). The latter tells X
> clients how to authenticate themselves to that display. Your
> display is
> smart enough to not just allow anybody that tries to connect
> to it. The
> dangers of such actions are greater than just anybody being able to
> display nasty pictures on your screen, but also to take more control
> over your X session's behavior, such as changing the way your pointer
> and/or keyboard behave. Note that using xhost generally leaves your
> arse wide open like this, which is why You Should Never Use
> Xhost. (If
> you don't know what xhost is, great. Just know that if anybody ever
> tells you to use it, they're giving you bad advice.)
>
> The XAUTHORITY environment variable points to a file in which a 'magic
> cookie' is stored. The X server won't allow any client to
> connect if it
> doesn't know the magic cookie. When you 'su -m', your
> original XAUTHORITY
> environment variable is still present in root's environment. This
> points at a file in your non-root-user's home directory. Since you're
> now root, you have permission to read that file and get the
> magic cookie
> contained inside. The corollary is that this method won't
> work (without
> a minor adjustment) when using 'su -m' to become another
> non-root user.
> For that, you can either use the xauth tool or modify the
> permissions on
> your xauthority file to allow the other user to read it. (Or you can
> manually give them the cookie, which is basically something that xauth
> will help you do less manually.)
>
> good times,
> Vineet
> --
> http://www.doorstop.net/
> --
> "If we do not believe in freedom of speech for those we
> despise we do not
> believe in it at all." --Noam Chomsky
>
Vineet,
Good information, thanks for that!!
Barry deFreese
Technology Services Manager
Nike Team Sports
(949)-616-4005
Barry.deFreese@nike.com
"Technology doesn't make you less stupid; it just makes you stupid faster."
Jerry Gregoire - Former CIO at Dell
Reply to: