On 7/26/06, Marc Weber <[EMAIL PROTECTED]> wrote:
> Marc, > In case you are talking X11: > D you have x11 authorization enabled or disabled ? I've been taking x11. I did modify xhost because I wanted a php script be able to launch vim. But I've restarted X now and xhost - shows the same as xhost. It still works.So <c-r>system('xhost') inserts: access control enabled, only authorized clients can connect But I'm not sure.. wether I've enabled localhost.. Anyway, should this be possible? I mean root and "somesuer" should be able to connect to X without somesuer beeing able to run root tasks using --remote-send.. by default. > If your access control is disabled, then can you try 'xhost -' (turn > access control on) and repeat your check ? What you describe > can not happen, AFAIK, when x11 access control is enabled. I've looked at vim code once.. On x it's using some weired gtk hack.. To do this stuff. I think you've tried it yourself and weren't able to reproduce it.. So I think it's my setup only.
I am sure this thing, being potential security issue, awaits for Bram's reaction and verdict. I just wanted to make sure that the status of 'xhost' is mentioned wrt your setup, and to bring the issue of 'xhost' into the picture. With 'xhost +' (security disabled), yes, you can cross the borders and invoke [potentially superuser] commands via vim clientserver. With 'xhost -' (the default state), you can't. With 'xhost -' (security enabled), I get this for your testcase: $ vim --servername GVIM --remote-send ':!ls' Xlib: connection to ":0.0" refused by server Xlib: Invalid MIT-MAGIC-COOKIE-1 key No display: Send failed. $ vim --serverlist Xlib: connection to ":0.0" refused by server Xlib: Invalid MIT-MAGIC-COOKIE-1 key (vim is refused connection to x server. It can't send clientserver commands w/o x connection.) Can you confirm that with 'xhost -' you get same negative result as I ? Yakov
