[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Is "xhost +si:localuser:root" safe?

Am Dienstag, 22. Juli 2014, 17:48:24 schrieb Vincent Lefevre:
> To be able to save/restore the XKB keymap in a /etc/pm/sleep.d script
> (as a workaround for Debian bug 633849), xkbcomp needs to have access
> to the display. The simplest solution I've found is a
>   xhost +si:localuser:root
> in my .xsession file.

I think more fine grained would be to use xauth extract / xauth merge.

Or just:

export XAUTHORITY=/home/$USER/.Xauthority


> I thought that this would be more or less equivalent to the current
> status as root can due pretty much anything, such as getting the
> user's X authority file via /proc/*/environ (my sleep.d script
> could do the same thing, but this is a rather dirty solution).

Hmmm, okay, so tought about this solution. Why do you think it is dirty?

> [*] https://lists.debian.org/debian-user/2014/05/msg00045.html
>     http://superuser.com/a/573839 (This one even says that this
>     isn't much different from a raw "xhost +"!)

Well root can always set XAUTHORITY to some random user .Xauthority file, so I 
don´t see much of a difference.

Martin 'Helios' Steigerwald - http://www.Lichtvoll.de
GPG: 03B0 0D6C 0040 0710 4AFA  B82F 991B EAAC A599 84C7

Reply to: