startx uses same authority file for client and server
Egbert Eich
eich at freedesktop.org
Tue May 17 09:47:55 PDT 2005
This may not really be an arch related subject but being that it may
touch broader underlying issues I post this here:
startx as distributed with X.Org uses the .Xauthority file that is used
by the X clients to obtain authorization keys for the servers the user
has access to also for passing keys to the server (using the -auth command
line option).
If user A shares access keys with user B (because he needs to
access B's server) and has B's auth key imported into his .Xauthority file
B can gain access to A's Xserver also. This may not be what's intended.
I therefore made a patch to the startx script that puts the server key into
a different .-file in the user's home directory.
While I don't think this is a security hole that would require an embargo
I think it's worthwhile fixing for the next release.
The fix can be found in:
https://bugs.freedesktop.org/show_bug.cgi?id=3078
Cheers,
Egbert.
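
The key overlap described in this message, as an added example (not part of the original post and not the patch from the bug report): it parses the binary Xauthority record format and compares the keys a server would load from a shared client file with those from a dedicated server file. Host names and key bytes are constructed, and treating every key in the -auth file as accepted by the server is an assumption taken from the behaviour the post describes.

```python
import io
import struct

FAMILY_LOCAL = 256                      # FamilyLocal from <X11/Xauth.h>
COOKIE = b"MIT-MAGIC-COOKIE-1"

def _field(buf):
    """Read one field: big-endian u16 length followed by that many bytes."""
    (n,) = struct.unpack(">H", buf.read(2))
    return buf.read(n)

def parse_xauthority(blob):
    """Parse Xauthority records: family, address, display, name, data."""
    buf, entries = io.BytesIO(blob), []
    while True:
        head = buf.read(2)
        if len(head) < 2:               # end of file
            return entries
        entries.append({
            "family": struct.unpack(">H", head)[0],
            "address": _field(buf),
            "display": _field(buf),
            "name": _field(buf),
            "data": _field(buf),
        })

def pack_entry(address, display, data, family=FAMILY_LOCAL, name=COOKIE):
    """Serialize one record in the same layout parse_xauthority reads."""
    out = struct.pack(">H", family)
    for f in (address, display, name, data):
        out += struct.pack(">H", len(f)) + f
    return out

def server_keys(auth_blob):
    """Keys a server given this file via -auth would hold (assumption: all)."""
    return {e["data"] for e in parse_xauthority(auth_blob) if e["name"] == COOKIE}

# Constructed sample data: A's own key plus B's key imported for B's server.
KEY_A = bytes.fromhex("aa" * 16)
KEY_B = bytes.fromhex("bb" * 16)
SHARED_FILE = pack_entry(b"hostA", b"0", KEY_A) + pack_entry(b"hostB", b"0", KEY_B)
SERVER_ONLY_FILE = pack_entry(b"hostA", b"0", KEY_A)   # separate file, own key only

if __name__ == "__main__":
    for label, blob in (("shared", SHARED_FILE), ("separate", SERVER_ONLY_FILE)):
        keys = server_keys(blob)
        print(f"{label}: {len(keys)} key(s) loaded, B's key accepted: {KEY_B in keys}")
```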