is it possible to break out of Xephyr
Hi. First, yes I know this may be considered a little bit off topic, given that it's not about xorg development itself; but neither is it a normal support question, I guess. The background is OpenSSH bug #1926 (https://bugzilla.mindrot.org/show_bug.cgi?id=1926), in which I proposed to allow using Xephyr for X-forwarding. But the principle is not limited to SSH. Many people don't want to do X-forwarding (especially from untrusted systems) because of all kind of attacks the evil remote system could perform. Now my idea was, if all that were confined in a Xephyr session (perhaps one per host connection, or perhaps even per executed command - just as the users likes)... one could get kind of a secure X-forwarding. So questions are: 1) Can I restrict X-forwardings to a specific X-server (i.e. the Xephyr instance that should be used for it; and that is for example automatically started by ssh)? How's that done best? (i.e. in the most strict/secure way)? 2) Is it possible to break out of a Xephyr? Well of course I'm not talking about possibly hidden security holes, but rather: Are there intended ways to break out? 3) How about resource sharing? Are there things like shared memory between Xephyr and its host X? Can Xephyr use hardware features like direct communication with the 3D card? 4) What (else) can one do to restrict Xephyr as much as possible? Or more generally, what else should one to with respect to my idea in the above bug. Thanks, Chris. smime.p7s Description: S/MIME cryptographic signature ___ xorg-devel@lists.x.org: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
[XDC 2012] Conference Update #6
Hi folks, the XDC2012 conference program (modulo updates) is now available at http://www.x.org/wiki/Events/XDC2012/Program The program will also be available in printed form on site. Please be aware that we currently have major issues with MoinMoin wiki, probably due to the massive spamming attacks Alan is trying hard to repel. If you get Guru Meditations while accessing the Wiki, chances are the watchdog has already triggered, and the Wiki should be back in approximately 15 minutes then. Have fun Matthias -- | ,_, Matthias Hopf matthias.h...@ohm-hochschule.de | ( ) |__| |\/| Professor for Applied Computer Sciencematth...@hopf.in | ,) (, | | | | Georg-Simon-Ohm-University, Nurembergwww.hopf.in ___ xorg-devel@lists.x.org: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
vesa driver and rotation via xrandr
Hi all I have googled around, asked on the xorg ml and here I am :) To make it short - I need to use xrandr to rotate the screen when the vesa driver is used. I think that I need to use ShadowFB to make it possible in the first step. But what needs to be done to support xrandr rotation stuff in ShadowFB? Where do I start to program/hack on it? Or is xrandr stuff already supported? so many questions, but I am new to xorg development ;) thanks --- Christian Gmeiner, MSc ___ xorg-devel@lists.x.org: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
pull request : fedora fixes.
Okay this time with review, and your version of the compat output patch tested locally. Dave. The following changes since commit 22746df15b5f75dc85f5cf5b73932eb8a44cb89b: dri2: invalidate drawable after sharing pixmap (2012-09-17 09:52:03 +1000) are available in the git repository at: ssh://people.freedesktop.org/~airlied/xserver for-keithp for you to fetch changes up to f991ec4f2a903986bdfa99bce23098e2d2b0a886: xf86: fix compat output selection for no output GPUs (2012-09-19 10:56:50 +1000) Dave Airlie (3): xf86/platform: scan pci after probing devices config/udev: ignore change on drm devices xf86: fix multi-seat video device support. Keith Packard (1): xf86: fix compat output selection for no output GPUs config/udev.c |8 +++- hw/xfree86/common/xf86Bus.c |4 hw/xfree86/common/xf86platformBus.c |6 +- hw/xfree86/modes/xf86Crtc.c |3 ++- 4 files changed, 18 insertions(+), 3 deletions(-) ___ xorg-devel@lists.x.org: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
Re: more mostly unreviewed fixes
On Mon, Sep 17, 2012 at 1:47 PM, Keith Packard kei...@keithp.com wrote: Dave Airlie airl...@gmail.com writes: dri2: invalidate drawable after sharing pixmap Merged. f0bad69..22746df master - master xf86: return NULL for compat output if no outputs. I don't like this patch -- reading through the function, there's just one little bit at the bottom which isn't doing the right thing, and it will *still* do the wrong thing if you delete outputs from a screen. Here's an (untested) patch which fixes that test instead: And it works, so I've stuck it in the new pull. xf86/platform: scan pci after probing devices Ick. This seems to assume that the device will remain powered up after get_drm_info closes it again? If that's true, then this seems like it should be a fine kludge to me. Its true for now, I'm not really sure the best way to do this I expect it needs libpciaccess enhancments so we can update the device info for a single device, so we can in the probe, open the device, update pci info, close it. Can you get rid of the gratuitous '' in front of xf86PlatformDeviceProbe for me though? Done. Thanks, Dave. ___ xorg-devel@lists.x.org: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
Re: pull request : fedora fixes.
Dave Airlie airl...@gmail.com writes: xf86: fix multi-seat video device support. This has half of the code using ServerIsNotSeat0 and the other half using ServerIsNotSeat0(); seems like I got some intermediate version of the change? -- keith.pack...@intel.com pgpOWlPAcjzLY.pgp Description: PGP signature ___ xorg-devel@lists.x.org: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
Re: pull request : fedora fixes.
Here's a fixed one, explains why I had to fix that in another tree but didn't make the link, probably need more sleep. The following changes since commit 22746df15b5f75dc85f5cf5b73932eb8a44cb89b: dri2: invalidate drawable after sharing pixmap (2012-09-17 09:52:03 +1000) are available in the git repository at: ssh://people.freedesktop.org/~airlied/xserver for-keithp for you to fetch changes up to 70e5766874a919039678bb2ed75f2ccea0cb4345: xf86: fix multi-seat video device support. (v2) (2012-09-19 15:48:50 +1000) Dave Airlie (3): xf86/platform: scan pci after probing devices config/udev: ignore change on drm devices xf86: fix multi-seat video device support. (v2) Keith Packard (1): xf86: fix compat output selection for no output GPUs config/udev.c |8 +++- hw/xfree86/common/xf86Bus.c |4 hw/xfree86/common/xf86platformBus.c |6 +- hw/xfree86/modes/xf86Crtc.c |3 ++- 4 files changed, 18 insertions(+), 3 deletions(-) On Wed, Sep 19, 2012 at 3:42 PM, Keith Packard kei...@keithp.com wrote: Dave Airlie airl...@gmail.com writes: xf86: fix multi-seat video device support. This has half of the code using ServerIsNotSeat0 and the other half using ServerIsNotSeat0(); seems like I got some intermediate version of the change? -- keith.pack...@intel.com ___ xorg-devel@lists.x.org: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel