On Fri, Mar 13, 2009 at 01:46:06PM -0400, Adam Jackson wrote: > Currently, if you start X without -ac and without -auth, the default > connection policy is to allow connections from localhost. In > particular, this means on every IPv[46] address, and any local > transports including unix sockets. > > I'd like to see a mode where the default policy is effectively > +si:localuser:`id -un`, which would allow connections only from the uid > that started the server. This is effectively the policy everyone's > trying to implement with xauth cookies, but cookies have to get stored > on disk somewhere which sucks for NFS and r/o images, etc. For the gdm > case, the display manager would add the real user to the access list > once they've been authed, and then remove itself and start the session > as the user. > > Normally I'd just change the default here, but I think this might be a > significant enough difference in behaviour that you should have to ask > for it. So. New -localuser option? Change the default? Bad idea, > give up, take up farming?
Change the default, seriously. Cheers, Daniel
signature.asc
Description: Digital signature
_______________________________________________ xorg-devel mailing list [email protected] http://lists.x.org/mailman/listinfo/xorg-devel
