Re: Default local auth policy
On Sat, 2009-03-14 at 13:50 -0400, James Cloos wrote: Adam == Adam Jackson a...@nwnk.net writes: Adam Currently, if you start X without -ac and without -auth, Adam the default connection policy is to allow connections from Adam localhost. ... Adam I'd like to see a mode where the default policy is effectively Adam +si:localuser:`id -un`, which would allow connections only from Adam the uid that started the server. Adam cookies have to get stored on disk somewhere which sucks for NFS ... While I disagree that storing cookies in $HOME ‘sucks for NFS’, I should have clarified. It sucks because NFS is unencrypted and storing your auth cookies there means the whole wire gets to read them. If you trust everyone on your local network, great. Which leaves the interesting question of what should happen if -auth is not specified, but -ac is? -ac means disable access control. Not to mention whether -nolisten tcp also should be the default? Or perhaps the default only w/o -ac and -auth? In the absence of a -listen, that would be unpleasant. Not that you're necessarily wrong. - ajax signature.asc Description: This is a digitally signed message part ___ xorg-devel mailing list xorg-devel@lists.x.org http://lists.x.org/mailman/listinfo/xorg-devel
Re: How to distinguish Window and Pixmap ID
On Mon, 2009-03-16 at 10:57 +0800, Ren, Zhaohan wrote: Hi all Windows and pixmaps together are known as drawables. Now I get a drawable ID(Created by XCreateWindow or XCreatePixmap) , I want to know how to distinguish them, that is to say how to distinguish if a drawable ID is a pixmap ID or window ID. It seems that I didn't find any Xlib interface to achieve this. Are there any good method to use? There's no good interface for this, or for discovering the type of an arbitrary XID in general. If you think you need one you're probably mistaken. Why do you think you need to do this? You _can_ do something like: static int pixmap = 0; static int pixmap_check(Display *d, void *v) { pixmap = 1; return 0; } /* ... */ XWindowAttributes xwa; void *old_handler = XSetErrorHandler(dpy, pixmap_check); XGetWindowAttributes(dpy, draw, xwa); XSetErrorHandler(dpy, old_handler); if (pixmap) /* whatever */ But really, don't. - ajax signature.asc Description: This is a digitally signed message part ___ xorg-devel mailing list xorg-devel@lists.x.org http://lists.x.org/mailman/listinfo/xorg-devel
Re: Default local auth policy
Adam == Adam Jackson a...@nwnk.net writes: While I disagree that storing cookies in $HOME ‘sucks for NFS’, Adam I should have clarified. It sucks because NFS is unencrypted and Adam storing your auth cookies there means the whole wire gets to read them. Adam If you trust everyone on your local network, great. Ah, OK. I was presuming a secure config. (Or, perhaps, had a fit of nostalgia. :) Which leaves the interesting question of what should happen if -auth is not specified, but -ac is? Adam -ac means disable access control. I must've been just barely awake. While reminding myself of -ac's purpose, I read disables host-based access control mechanisms. and must've only thought about the host-based part Not to mention whether -nolisten tcp also should be the default? Or perhaps the default only w/o -ac and -auth? Adam In the absence of a -listen, that would be unpleasant. Not that Adam you're necessarily wrong. If the point is to make it easier for the currently typical use case of a single box acting as both server and host-for-the-clients, where unix- domain sockets are the norm, tcp sockets may be unnecessary. In any case, just in case I was ambiguous, +1 to the original idea. -JimC -- James Cloos cl...@jhcloos.com OpenPGP: 1024D/ED7DAEA6 ___ xorg-devel mailing list xorg-devel@lists.x.org http://lists.x.org/mailman/listinfo/xorg-devel
Re: Default local auth policy
On Fri, 2009-03-13 at 13:46 -0400, Adam Jackson wrote: Currently, if you start X without -ac and without -auth, the default connection policy is to allow connections from localhost. In particular, this means on every IPv[46] address, and any local transports including unix sockets. I'd like to see a mode where the default policy is effectively +si:localuser:`id -un`, which would allow connections only from the uid that started the server. This is effectively the policy everyone's trying to implement with xauth cookies, but cookies have to get stored on disk somewhere which sucks for NFS and r/o images, etc. For the gdm case, the display manager would add the real user to the access list once they've been authed, and then remove itself and start the session as the user. Normally I'd just change the default here, but I think this might be a significant enough difference in behaviour that you should have to ask for it. So. New -localuser option? Change the default? Bad idea, give up, take up farming? It sounds sensible, the only thing I'm concerned about is whether with this new default I could sudo X app and still get success. -- Eric Anholt e...@anholt.net eric.anh...@intel.com signature.asc Description: This is a digitally signed message part ___ xorg-devel mailing list xorg-devel@lists.x.org http://lists.x.org/mailman/listinfo/xorg-devel
RE: How to distinguish Window and Pixmap ID
I'm doing some video post-processing work, if the Drawable created by application interface is a window I will use hardware overlay, if it is a pixmap I will use textured video. Now I see, thank you for your help. -Original Message- From: Adam Jackson [mailto:a...@nwnk.net] Sent: 2009年3月16日 22:31 To: Ren, Zhaohan Cc: xorg-devel@lists.x.org Subject: Re: How to distinguish Window and Pixmap ID On Mon, 2009-03-16 at 10:57 +0800, Ren, Zhaohan wrote: Hi all Windows and pixmaps together are known as drawables. Now I get a drawable ID(Created by XCreateWindow or XCreatePixmap) , I want to know how to distinguish them, that is to say how to distinguish if a drawable ID is a pixmap ID or window ID. It seems that I didn't find any Xlib interface to achieve this. Are there any good method to use? There's no good interface for this, or for discovering the type of an arbitrary XID in general. If you think you need one you're probably mistaken. Why do you think you need to do this? You _can_ do something like: static int pixmap = 0; static int pixmap_check(Display *d, void *v) { pixmap = 1; return 0; } /* ... */ XWindowAttributes xwa; void *old_handler = XSetErrorHandler(dpy, pixmap_check); XGetWindowAttributes(dpy, draw, xwa); XSetErrorHandler(dpy, old_handler); if (pixmap) /* whatever */ But really, don't. - ajax ___ xorg-devel mailing list xorg-devel@lists.x.org http://lists.x.org/mailman/listinfo/xorg-devel
Re: [PATCH] build.sh: add -f flag to append list of modules to a file.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Peter Hutterer wrote: Append the module being built (e.g. lib/libX11) to the file specified with -f. If the build fails, resuming the build is as easy as build.sh -r `tail -n 1 filename` ... Signed-off-by: Peter Hutterer peter.hutte...@who-t.net Clever. I like it. Acked-by: Ian Romanick ian.d.roman...@intel.com --- build.sh | 11 +++ 1 files changed, 11 insertions(+), 0 deletions(-) diff --git a/build.sh b/build.sh index fbaff6e..6b4f752 100755 --- a/build.sh +++ b/build.sh @@ -114,6 +114,11 @@ build() { fi echo Building $1 module component $2... + +if test x$BUILT_MODULES_FILE != x; then +echo $1/$2 $BUILT_MODULES_FILE +fi + old_pwd=`pwd` cd $SRCDIR || failed cd1 $1 $2 @@ -624,6 +629,8 @@ usage() { echo -c : run make clean in addition to others echo -d : run make distcheck in addition to others echo -D : run make dist in addition to others +echo -f file: append module being built to file. The last line of this +echofile can be used for resuming with -r. echo -g : build with debug information echo -n : do not quit after error; just print error message echo -o module/component : build just this component @@ -657,6 +664,10 @@ do -D) DIST=1 ;; +-f) +shift +BUILT_MODULES_FILE=$1 +;; -g) CFLAGS=-g3 -O0 export CFLAGS -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkm/AMMACgkQX1gOwKyEAw+RSACghnU9dkVH0RD8bfmNX+zODlGn UmQAn279M3inBIwjkDIGc88zVLBuJXit =G7Gx -END PGP SIGNATURE- ___ xorg-devel mailing list xorg-devel@lists.x.org http://lists.x.org/mailman/listinfo/xorg-devel