Re: Re: su/sudo cannot X

To: debian-user@lists.debian.org
Subject: Re: Re: su/sudo cannot X
From: hendrik@topoi.pooq.com
Date: Wed, 18 Jan 2006 22:15:57 -0500
Message-id: <[🔎] 20060119031557.GB7598@topoi.pooq.com>
In-reply-to: <[🔎] 43CEF1AE.2050108@gmail.com>
References: <[🔎] 43CDD046.2000102@crazeecanuck.homelinux.net> <[🔎] 43CEF1AE.2050108@gmail.com>

On Wed, Jan 18, 2006 at 08:55:58PM -0500, Lei Kong wrote:
> thanks, sux works beautifully.
> but still I don't understand why sudo -s has problems,
> and on my desktop, on problem at all, and I don't remember
> doing special thing on it.
> 
> As about the security concern, why is it more secure not to
> let root log into X than otherwise? why is not letting root start X
> client after su/sudo by default a good policy?  I just feel it is a
> bit funny, root can do anything, it just can't open a damn window.
> Maybe I really need to dig into xauth manual for an answer.

I've been told that if a process has a window on an X server, it can 
create fake events on any of the windows on the X server.  This was, 
ages ago, a building block for various nice user interfaces, decades 
before anybody was serious about computer security.  So an open root 
window wound be easy prey for any stray process that managed to put 
anything on your screen.

Anybody know how true this is?

-- hendrik

Reply to:

Follow-Ups:
- Re: su/sudo cannot X
  - From: John Hasler <jhasler@debian.org>
- Re: Re: su/sudo cannot X
  - From: Jon Dowland <lists@alcopop.org>

References:
- Re: su/sudo cannot X
  - From: "Edward J. Shornock" <debian-ml@crazeecanuck.homelinux.net>
- Re: Re: su/sudo cannot X
  - From: Lei Kong <lei.kong@gmail.com>

Prev by Date: Re: Re: su/sudo cannot X
Next by Date: Logical Volume Manager and RAID
Previous by thread: Re: Re: su/sudo cannot X
Next by thread: Re: su/sudo cannot X
Index(es):
- Date
- Thread