On Wed, Mar 25, 2015 at 09:15:12 -0400, Ray Strode wrote: > Hi, > > > Now, I've tried to avoid anything xauth-related, but from the little I know: > > to support displayfd in startx you'd have to communicate back to startx > > about the $DISPLAY and do the xauth dance before continuing with the xinit > > initial client connection. AFAICT, that's the tricky bit about -displayfd > > support in startx. Does that make sense or am I way off here? > Sending $DISPLAY back to startx isn't actually an option since, $DISPLAY comes > from the X server, and the auth file has to be prepared before > starting the X server. > If you start the X server without the auth file then the X server will > get started wide > open to anyone on the host. Sure you could lock it down at that point, > but then there's > a race where anyone could open the display and snoop from then on. > I ran into this when trying to make our xvfb-run wrapper use -displayfd, would be nice if we can fix this. Maybe by making the server consider empty -auth file as "nobody allowed" instead of "everybody allowed"?
Julien _______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
