Hi,
On 25-03-15 22:45, Julien Cristau wrote:
On Wed, Mar 25, 2015 at 09:15:12 -0400, Ray Strode wrote:
Hi,
Now, I've tried to avoid anything xauth-related, but from the little I know:
to support displayfd in startx you'd have to communicate back to startx
about the $DISPLAY and do the xauth dance before continuing with the xinit
initial client connection. AFAICT, that's the tricky bit about -displayfd
support in startx. Does that make sense or am I way off here?
Sending $DISPLAY back to startx isn't actually an option since, $DISPLAY comes
from the X server, and the auth file has to be prepared before
starting the X server.
If you start the X server without the auth file then the X server will
get started wide
open to anyone on the host. Sure you could lock it down at that point,
but then there's
a race where anyone could open the display and snoop from then on.
I ran into this when trying to make our xvfb-run wrapper use
-displayfd, would be nice if we can fix this. Maybe by making the
server consider empty -auth file as "nobody allowed" instead of
"everybody allowed"?
As discussed already the proper fix here is to teach xinit to write
out the xauth file, and then have xinit pass both
-displayfd and -xauth <xinit-generated-file> to the server.
See example the gdm code for launching the server for how to do this.
Regards,
Hans
_______________________________________________
xorg-devel@lists.x.org: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: http://lists.x.org/mailman/listinfo/xorg-devel
