On Mon, 2004-12-06 at 13:11 +0900, Carsten Haitzler wrote: > On Sun, 05 Dec 2004 22:17:23 -0500 Peter Hyman <[EMAIL PROTECTED]> babbled: > > > On Mon, 2004-12-06 at 12:08 +0900, Carsten Haitzler wrote: > > > On Sun, 05 Dec 2004 19:55:13 -0500 Peter Hyman <[EMAIL PROTECTED]> > > > babbled: > > > > > > > On Sun, 2004-12-05 at 19:50 -0500, Corey Donohoe wrote: > > > > Maybe I was not clear. big snip... > > No argument there,re: security, but TEST? Why can't just a user use the > > -T option? Or, if not, at least it should be documented that you must be > > root or sudo root in order to test the product. > > because test mode can STILL log a user in and can authenticate (to test > authentication etc) it isn't just testing for a theme maker - its testing for > people working on the entrance CODE too. :) Ah ha. I was not aware of that. I just thought it was to look at. I was confused by the README.
"For those who would like to see what Entrance looks like before using it to start sessions, run "entrance --test". This will launch entrance in a window (800x600 by default), and xterm will be executed instead of the selected session. For more information type entrance --help." I inferred this to mean it opened a window to view the process but it did NOT do anything. The README said it had to run in an existing session, so I thought it would not try and log in. My bad. I did not understand. > > And. entranced is NOT needed for TEST. So that part of security should > > not be a big concern, should it? > > > > Test is nothing more than a windowed preview of what entrance could look > > like. Here's a scenario. Let's say you are designing a new theme. You'd > > like to test it while in development. User would have to sudo each time > > he wanted to test his/her theme. And, let's say the designing user does > > NOT have sudo perms? Then, how can he/she see the work in progress. > > no. have you actually entered a username and password? it literally logs the > user in and attempts to run a session as THAT user. if you "xhost +" and log > in > as another user in entrance -T an xterm runing AS that user will appear (it > normally won't work because the user will not be able to gain authority to the > DISPLAY) :) it tests much more than "theme" :) > > > No, I argue that any user should be able to preview. JMHO. > > > > > > > > > * Peter Hyman ([EMAIL PROTECTED]) wrote: > > > > > > Running entrance -T returns the following: > > > > > > > > > > > > bash-2.05b$ entrance -T > > > > > > WARNING: not a utf8 locale! > > > > > ^^^ is a message from edje I believe, you'll see that in apps other > > > > > than > > > > > entrance > > > > > > Debug: ipc_title = /var/entrance_ipc_0 > > > > > ^^^ is a message from entrance_ipc.c, it's debateable whether or not > > > > > this should be spewing out info, but for now you can simply ignore it. > > > > > > entrance_ipc_init: connect to daemon failed. > > > > > ^^^ is your user failing to connect to the ipc socket that entranced > > > > > and > > > > > entrance use to communicate, it can safely big ignored. > > > > > > > > > > Notice: > > > > > nemesis% entrance -T > > > > > WARNING: not a utf8 locale! > > > > > Debug: ipc_title = /var/lib/entrance/entrance_ipc_0 > > > > > entrance_ipc_init: connect to daemon failed. > > > > > > > > > > nemesis% sudo entrance -T > > > > > WARNING: not a utf8 locale! > > > > > Debug: ipc_title = /var/lib/entrance/entrance_ipc_0 > > > > > entrance_ipc_init: connect to daemon failed. > > > > > > > > > > nemesis% ps auwwx | grep entranced > > > > > root 8333 0.0 0.9 56068 4940 ? S Dec04 0:00 > > > > > /usr/sbin/entranced > > > > > > > > > > nemesis% entrance -T -z 8333 > > > > > WARNING: not a utf8 locale! > > > > > entrance: main: z optarg = 8333 > > > > > Debug: ipc_title = /var/lib/entrance/entrance_ipc_8333 > > > > > entrance_ipc_init: connect to daemon failed. > > > > > > > > > > nemesis% sudo entrance -T -z 8333 > > > > > WARNING: not a utf8 locale! > > > > > entrance: main: z optarg = 8333 > > > > > Debug: ipc_title = /var/lib/entrance/entrance_ipc_8333 > > > > > entrance_ipc_init: Success > > > > > > > > > > Worth noting is that unless you identify the pid you're not going to > > > > > connect to ipc even w/ sudo or as root. > > > > > > > > > > > > I must run as root or sudo entrance -T. > > > > > > > > > > > > Does this make sense? > > > > > Yes. > > > > > > Any user should be able to run this. > > > > > Any user can. > > > > > > Are there auth checks going on that are not needed? > > > > > Sorta, but they don't hurt the app > > > > > > > > > > > > I think it should allow any user to run it though, not just root or > > > > > > through sudo. > > > > > As stated above anyone can run entrance -T, you just can't login for > > > > > the > > > > > same reasons you wouldn't want me calling initgroups, setgid, and > > > > > setuid > > > > > to your user on a shell box. :D > > > > > > > > > > > -- > > > > > > Peter > > > > > > > > > > > __ > > > > > Corey Donohoe > > > > > http://www.atmos.org > > > > > > > > > > > > > > > ------------------------------------------------------- > > > > > SF email is sponsored by - The IT Product Guide > > > > > Read honest & candid reviews on hundreds of IT Products from real > > > > > users. > > > > > Discover which products truly live up to the hype. Start reading now. > > > > > http://productguide.itmanagersjournal.com/ > > > > > _______________________________________________ > > > > > enlightenment-devel mailing list > > > > > [EMAIL PROTECTED] > > > > > https://lists.sourceforge.net/lists/listinfo/enlightenment-devel > > > > -- > > > > Peter > > > > > > > > > > > > > > > > ------------------------------------------------------- > > > > SF email is sponsored by - The IT Product Guide > > > > Read honest & candid reviews on hundreds of IT Products from real users. > > > > Discover which products truly live up to the hype. Start reading now. > > > > http://productguide.itmanagersjournal.com/ > > > > _______________________________________________ > > > > enlightenment-devel mailing list > > > > [EMAIL PROTECTED] > > > > https://lists.sourceforge.net/lists/listinfo/enlightenment-devel > > > > > > > > > > > > -- > > Peter > > > > -- Peter ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________ enlightenment-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
