Is "xhost +si:localuser:root" safe?

To: debian-user@lists.debian.org
Subject: Is "xhost +si:localuser:root" safe?
From: Vincent Lefevre <vincent@vinc17.net>
Date: Tue, 22 Jul 2014 17:48:24 +0200
Message-id: <[🔎] 20140722154824.GB31669@xvii.vinc17.org>
Mail-followup-to: debian-user@lists.debian.org

To be able to save/restore the XKB keymap in a /etc/pm/sleep.d script
(as a workaround for Debian bug 633849), xkbcomp needs to have access
to the display. The simplest solution I've found is a

  xhost +si:localuser:root

in my .xsession file.

But some users discourage to allow this access permanently.[*]
So, I'm wondering whether there could be security issues.

I thought that this would be more or less equivalent to the current
status as root can due pretty much anything, such as getting the
user's X authority file via /proc/*/environ (my sleep.d script
could do the same thing, but this is a rather dirty solution).

[*] https://lists.debian.org/debian-user/2014/05/msg00045.html
    http://superuser.com/a/573839 (This one even says that this
    isn't much different from a raw "xhost +"!)

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Reply to:

Follow-Ups:
- Re: Is "xhost +si:localuser:root" safe?
  - From: Martin Steigerwald <Martin@lichtvoll.de>

Prev by Date: Re: I'm not a huge fan of systemd
Next by Date: Re: init spawning multiple cf-execd processes at once
Previous by thread: Re: Main Menu
Next by thread: Re: Is "xhost +si:localuser:root" safe?
Index(es):
- Date
- Thread