Hi, > Now, I've tried to avoid anything xauth-related, but from the little I know: > to support displayfd in startx you'd have to communicate back to startx > about the $DISPLAY and do the xauth dance before continuing with the xinit > initial client connection. AFAICT, that's the tricky bit about -displayfd > support in startx. Does that make sense or am I way off here? Sending $DISPLAY back to startx isn't actually an option since, $DISPLAY comes from the X server, and the auth file has to be prepared before starting the X server. If you start the X server without the auth file then the X server will get started wide open to anyone on the host. Sure you could lock it down at that point, but then there's a race where anyone could open the display and snoop from then on.
The two ideas I proposed in my other mail are the only secure ways I can think to go forward. Either: 1) Have xinit write out the auth file itself (with the $DISPLAY wildcard) or 2) Fix /usr/bin/xauth to allow adding a $DISPLAY wildcard and change startx to use the wildcard. --Ray _______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
