[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Lock screen does not work for root in gnome



On Sun, Oct 17, 2004 at 04:56:12PM -0700, Jamie Zawinski wrote:
> Luciano Miguel Ferreira Rocha wrote:
> > 
> > Hm? xscreensaver drops privileges if runned as root, and thus it won't
> > be able to access the X cookies file. Ending up unable to connect to the
> > X server.
> 
> You'd rather it did what KDE does and not drop privs at all, running
> arbitrary eye-candy sub-processes as root?

They can't be trusted to run as root? Can they be trusted to be run as
any user at all?

> 
> > It's not a case of it refusing to do something insecure. In fact, in its
> > documentation, it states that it's "safe to run xscreensaver as root".
> > But in order for it to work, it asks for a "xhost +localhost".
> > 
> > And that I don't find very secure.
> 
> It simply follows the security measures in use by the X server.  If you
> find those onerous and choose to turn them off, that's your business,

No, I find the documentation dangerous.

> but xscreensaver doesn't do that for you.  You could always jump through
> hoops like this instead:
> xauth -f /home/$USER/.Xauthority nextract - $DISPLAY | xauth nmerge -

Why can't xscreensaver do that when run as root? If it sandboxes it
self when it thinks it a necessity, then it should at least do it
properly and fully.

Regards,
Luciano Rocha

-- 
Consciousness: that annoying time between naps.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]