Re: Default local auth policy
On Sat, 2009-03-14 at 13:50 -0400, James Cloos wrote: Adam == Adam Jackson a...@nwnk.net writes: Adam Currently, if you start X without -ac and without -auth, Adam the default connection policy is to allow connections from Adam localhost. ... Adam I'd like to see a mode where the default policy is effectively Adam +si:localuser:`id -un`, which would allow connections only from Adam the uid that started the server. Adam cookies have to get stored on disk somewhere which sucks for NFS ... While I disagree that storing cookies in $HOME ‘sucks for NFS’, I should have clarified. It sucks because NFS is unencrypted and storing your auth cookies there means the whole wire gets to read them. If you trust everyone on your local network, great. Which leaves the interesting question of what should happen if -auth is not specified, but -ac is? -ac means disable access control. Not to mention whether -nolisten tcp also should be the default? Or perhaps the default only w/o -ac and -auth? In the absence of a -listen, that would be unpleasant. Not that you're necessarily wrong. - ajax signature.asc Description: This is a digitally signed message part ___ xorg-devel mailing list xorg-devel@lists.x.org http://lists.x.org/mailman/listinfo/xorg-devel
Re: How to distinguish Window and Pixmap ID
On Mon, 2009-03-16 at 10:57 +0800, Ren, Zhaohan wrote:
Hi all
Windows and pixmaps together are known as drawables. Now I get a
drawable ID(Created by XCreateWindow or XCreatePixmap) , I want to
know how to distinguish them, that is to say how to distinguish if a
drawable ID is a pixmap ID or window ID.
It seems that I didn't find any Xlib interface to achieve this. Are
there any good method to use?
There's no good interface for this, or for discovering the type of an
arbitrary XID in general. If you think you need one you're probably
mistaken. Why do you think you need to do this?
You _can_ do something like:
static int pixmap = 0;
static int pixmap_check(Display *d, void *v) { pixmap = 1; return 0; }
/* ... */
XWindowAttributes xwa;
void *old_handler = XSetErrorHandler(dpy, pixmap_check);
XGetWindowAttributes(dpy, draw, xwa);
XSetErrorHandler(dpy, old_handler);
if (pixmap) /* whatever */
But really, don't.
- ajax
signature.asc
Description: This is a digitally signed message part
___
xorg-devel mailing list
xorg-devel@lists.x.org
http://lists.x.org/mailman/listinfo/xorg-devel
Re: Default local auth policy
Adam == Adam Jackson a...@nwnk.net writes: While I disagree that storing cookies in $HOME ‘sucks for NFS’, Adam I should have clarified. It sucks because NFS is unencrypted and Adam storing your auth cookies there means the whole wire gets to read them. Adam If you trust everyone on your local network, great. Ah, OK. I was presuming a secure config. (Or, perhaps, had a fit of nostalgia. :) Which leaves the interesting question of what should happen if -auth is not specified, but -ac is? Adam -ac means disable access control. I must've been just barely awake. While reminding myself of -ac's purpose, I read disables host-based access control mechanisms. and must've only thought about the host-based part Not to mention whether -nolisten tcp also should be the default? Or perhaps the default only w/o -ac and -auth? Adam In the absence of a -listen, that would be unpleasant. Not that Adam you're necessarily wrong. If the point is to make it easier for the currently typical use case of a single box acting as both server and host-for-the-clients, where unix- domain sockets are the norm, tcp sockets may be unnecessary. In any case, just in case I was ambiguous, +1 to the original idea. -JimC -- James Cloos cl...@jhcloos.com OpenPGP: 1024D/ED7DAEA6 ___ xorg-devel mailing list xorg-devel@lists.x.org http://lists.x.org/mailman/listinfo/xorg-devel
Re: Default local auth policy
On Fri, 2009-03-13 at 13:46 -0400, Adam Jackson wrote: Currently, if you start X without -ac and without -auth, the default connection policy is to allow connections from localhost. In particular, this means on every IPv[46] address, and any local transports including unix sockets. I'd like to see a mode where the default policy is effectively +si:localuser:`id -un`, which would allow connections only from the uid that started the server. This is effectively the policy everyone's trying to implement with xauth cookies, but cookies have to get stored on disk somewhere which sucks for NFS and r/o images, etc. For the gdm case, the display manager would add the real user to the access list once they've been authed, and then remove itself and start the session as the user. Normally I'd just change the default here, but I think this might be a significant enough difference in behaviour that you should have to ask for it. So. New -localuser option? Change the default? Bad idea, give up, take up farming? It sounds sensible, the only thing I'm concerned about is whether with this new default I could sudo X app and still get success. -- Eric Anholt e...@anholt.net eric.anh...@intel.com signature.asc Description: This is a digitally signed message part ___ xorg-devel mailing list xorg-devel@lists.x.org http://lists.x.org/mailman/listinfo/xorg-devel
RE: How to distinguish Window and Pixmap ID
I'm doing some video post-processing work, if the Drawable created by
application interface is a window I will use hardware overlay, if it is a
pixmap I will use textured video. Now I see, thank you for your help.
-Original Message-
From: Adam Jackson [mailto:a...@nwnk.net]
Sent: 2009年3月16日 22:31
To: Ren, Zhaohan
Cc: xorg-devel@lists.x.org
Subject: Re: How to distinguish Window and Pixmap ID
On Mon, 2009-03-16 at 10:57 +0800, Ren, Zhaohan wrote:
Hi all
Windows and pixmaps together are known as drawables. Now I get a
drawable ID(Created by XCreateWindow or XCreatePixmap) , I want to
know how to distinguish them, that is to say how to distinguish if a
drawable ID is a pixmap ID or window ID.
It seems that I didn't find any Xlib interface to achieve this. Are
there any good method to use?
There's no good interface for this, or for discovering the type of an
arbitrary XID in general. If you think you need one you're probably
mistaken. Why do you think you need to do this?
You _can_ do something like:
static int pixmap = 0;
static int pixmap_check(Display *d, void *v) { pixmap = 1; return 0; }
/* ... */
XWindowAttributes xwa;
void *old_handler = XSetErrorHandler(dpy, pixmap_check);
XGetWindowAttributes(dpy, draw, xwa);
XSetErrorHandler(dpy, old_handler);
if (pixmap) /* whatever */
But really, don't.
- ajax
___
xorg-devel mailing list
xorg-devel@lists.x.org
http://lists.x.org/mailman/listinfo/xorg-devel
Re: [PATCH] build.sh: add -f flag to append list of modules to a file.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Peter Hutterer wrote:
Append the module being built (e.g. lib/libX11) to the file specified with
-f. If the build fails, resuming the build is as easy as build.sh -r `tail -n
1 filename` ...
Signed-off-by: Peter Hutterer peter.hutte...@who-t.net
Clever. I like it.
Acked-by: Ian Romanick ian.d.roman...@intel.com
---
build.sh | 11 +++
1 files changed, 11 insertions(+), 0 deletions(-)
diff --git a/build.sh b/build.sh
index fbaff6e..6b4f752 100755
--- a/build.sh
+++ b/build.sh
@@ -114,6 +114,11 @@ build() {
fi
echo Building $1 module component $2...
+
+if test x$BUILT_MODULES_FILE != x; then
+echo $1/$2 $BUILT_MODULES_FILE
+fi
+
old_pwd=`pwd`
cd $SRCDIR || failed cd1 $1 $2
@@ -624,6 +629,8 @@ usage() {
echo -c : run make clean in addition to others
echo -d : run make distcheck in addition to others
echo -D : run make dist in addition to others
+echo -f file: append module being built to file. The last line of
this
+echofile can be used for resuming with -r.
echo -g : build with debug information
echo -n : do not quit after error; just print error message
echo -o module/component : build just this component
@@ -657,6 +664,10 @@ do
-D)
DIST=1
;;
+-f)
+shift
+BUILT_MODULES_FILE=$1
+;;
-g)
CFLAGS=-g3 -O0
export CFLAGS
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkm/AMMACgkQX1gOwKyEAw+RSACghnU9dkVH0RD8bfmNX+zODlGn
UmQAn279M3inBIwjkDIGc88zVLBuJXit
=G7Gx
-END PGP SIGNATURE-
___
xorg-devel mailing list
xorg-devel@lists.x.org
http://lists.x.org/mailman/listinfo/xorg-devel
