On Mon, 27 Sep 2010 16:13:34 +0300 Timo Juhani Lindfors <[email protected]> said:
ok. this, though it seems to work for you, will have problems. though an interesting hack and i'm glad you were inspired! i'm so happy to see the "scratch an itch" thing still alive. :) problems you have. 1. if user client does an xgrab(server/keyboard/pointer) and u stop socat before the grab is released.. you're SOL. a "race condition" or more a "state condition" you havent accounted for. 2. user clients like the wm and cm will cease to work here while you have the root stopping socat - this will effectively bring the display to a grinding halt. much like #1. as for shm 0 sure, the client can modify shm, but it'd require x protocol to let the xserver know it has to read (or write to) that shm segment (as shm pixmaps are deprecated now). either way - the client only modifies the shm segment content and hat is just pixel data - so at worst they can spew out garbage pixels. not too different to what many clients do anyway :) so this is harmless. > Carsten Haitzler (The Rasterman) <[email protected]> writes: > > logged in user is king. you'd have to modify the xserver itself to have > > such a separation and provide a back-channel that can only be accessed by > > root to implement what you want. reality otherwise is that any x client can > > kill off > > Thank you, this discussion inspired me to write a hack. The basic idea > is that Xorg listens on /tmp/.X11-unix/X1 instead of /X0 and a socat > process proxies traffic from /X0 to /X1. When the SAK key is hit, root > can kill -STOP socat to prevent the X clients of the normal user from > interfering. root can then run X applications that talk directly to > /X1. > > 1) In /etc/X11/xdm/Xservers I replaced > > :0 local /usr/bin/X :0 vt7 -nolisten tcp > > with > > :0 local /usr/local/bin/sido-X :1 vt8 -nolisten tcp > > 2) I created /usr/local/bin/sido-X with > > #!/bin/sh > killall socat > killall -9 socat > (sleep 10; socat -lm UNIX-LISTEN:/tmp/.X11-unix/X0,fork,mode=777 > UNIX-CONNECT:/tmp/.X11-unix/X1) & exec Xorg "$@" > > 3) I configured xsakd to run sido-sign-sak when ctrl-alt-del is > hit. sido-sign-sak does > > #!/bin/sh > function get_window_list() { > XAUTHORITY=$auth DISPLAY=:1 xwininfo -tree -root|grep '('|cut -d'(' -f1|awk > '{print $1}'|grep ^0x } > > killall -STOP socat > t=$(mktemp) > auth=$(ps -eocmd | grep " :1 " | grep ^Xorg | tr ' ' '\n' |grep ^/var/) > > get_window_list > $t > XAUTHORITY=$auth DISPLAY=:1 xterm -name SAK -title SAK -bg red -fg black > -e /usr/lib/sido/sido-sign & pid=$! > sleep 1 > t2=$(mktemp) > get_window_list > $t2 > # XAUTHORITY=$auth DISPLAY=:1 xvkbd & > # XAUTHORITY=$auth DISPLAY=:1 xwininfo -tree -root > for w in $(sort -nr $t $t2 | uniq -u); do > XAUTHORITY=$auth DISPLAY=:1 show-window $w > done > wait $pid > > killall -CONT socat > > 3) show-window is just a quick'n'dirty helper application to make the > xterm visible: > > // gcc show-window.c -o show-window -lX11 -Wall -g > #include <stdio.h> > #include <stdlib.h> > #include <string.h> > #include <assert.h> > #include <X11/Xlib.h> > #include <X11/Xlibint.h> > > int main(int argc, char *argv[]) { > int ret; > Display *dpy; > XSetWindowAttributes attr; > unsigned long window; > > assert(argc == 2); > window = strtoul(argv[1], NULL, 16); > assert(window > 0); > > dpy = XOpenDisplay(NULL); > assert(dpy); > > attr.override_redirect = True; > ret = XChangeWindowAttributes(dpy, > window, > CWOverrideRedirect, > &attr); > assert(ret); > > ret = XMapWindow(dpy, > window); > assert(ret); > > ret = XRaiseWindow(dpy, > window); > assert(ret); > > ret = XMoveResizeWindow(dpy, > window, > 152, > 81, > 702, > 411); > assert(ret); > > ret = XSetInputFocus(dpy, > window, > RevertToParent, > CurrentTime); > assert(ret); > > XCloseDisplay(dpy); > > > return 0; > } > > Is this a sound approach in general? I know that even when socat is > stopped normal X clients can still use shm to affect the contents of > the screen. > -- ------------- Codito, ergo sum - "I code, therefore I am" -------------- The Rasterman (Carsten Haitzler) [email protected] _______________________________________________ [email protected]: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: [email protected]
