On 2016-07-01 Fri 18:01 PM |, Sebastien Marie wrote: > > It is the fact that xmessage would be run as root that worry me a bit.
Good point Sebastien. > Now, as xmessage(1) would be only used to provide UI to user, it should > be possible to run it as _x11 (or other unpriviligied user). The useful > information is the exit code of the program, so the rest of the script > (the "case...esac" stuff) could be run as root and only read the exit > code of an unpriviligied one. > OK, I'll investigate that next. My 4th version uses shutdown(8), which can run as operator. I guess nobody could run apm(8) too. > About the "pkill" in GiveConsole, I think it should be more "restricted" > (with -U, -x ...) : else any running xmessage(1) program on the host > will be killed (remote X11 xmessage on the host while another user log > using xdm). Yeah, I've a space at the front of the message, so pgrep -l was getting a bit weird. But running xmessage as _x11 changes the situation! Cheers, -- Craig Skinner | http://linkd.in/yGqkv7
