Hi,
On 19-10-15 12:57, Julien Cristau wrote:
On Mon, Oct 19, 2015 at 10:43:45 +0200, Hans de Goede wrote:
Hi,
On 18-10-15 19:26, Julien Cristau wrote:
When the server is privileged, we shouldn't be passing the user's
environment directly.
Signed-off-by: Julien Cristau <jcris...@debian.org>
I've no real objections against this, and I can see this being a good
thing from a security pov, but I'm afraid this may cause regressions.
Before we had the wrapper the server itself used to be suid-root,
and none of the code for dealing with that has been removed (the server
can still be build that way). So I would expect the server to sanitize
its environment itself...
So I've 2 questions:
1) Is there any concrete reason why this is necessary ?
Enabling logind support means pulling in libdbus, which I didn't want to
do without addressing
https://bugs.freedesktop.org/show_bug.cgi?id=52202
https://bugs.freedesktop.org/show_bug.cgi?id=83849
Ok, that is a very valid reason, can you do a v2 with these bug links .
this rationale added to the commit message ?
I'm still a bit worried there may be some fallout, but I believe the
above reasons are strong enough to just go for it and see if it breaks
anything.
Regards,
Hans
_______________________________________________
xorg-devel@lists.x.org: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: http://lists.x.org/mailman/listinfo/xorg-devel
