[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Is "xhost +si:localuser:root" safe?

To be able to save/restore the XKB keymap in a /etc/pm/sleep.d script
(as a workaround for Debian bug 633849), xkbcomp needs to have access
to the display. The simplest solution I've found is a

  xhost +si:localuser:root

in my .xsession file.

But some users discourage to allow this access permanently.[*]
So, I'm wondering whether there could be security issues.

I thought that this would be more or less equivalent to the current
status as root can due pretty much anything, such as getting the
user's X authority file via /proc/*/environ (my sleep.d script
could do the same thing, but this is a rather dirty solution).

[*] https://lists.debian.org/debian-user/2014/05/msg00045.html
    http://superuser.com/a/573839 (This one even says that this
    isn't much different from a raw "xhost +"!)

Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Reply to: