Default local auth policy
James Cloos
cloos at jhcloos.com
Sat Mar 14 10:50:18 PDT 2009
>>>>> "Adam" == Adam Jackson <ajax at nwnk.net> writes:
Adam> Currently, if you start X without -ac and without -auth,
Adam> the default connection policy is to allow connections from
Adam> localhost. ...
Adam> I'd like to see a mode where the default policy is effectively
Adam> +si:localuser:`id -un`, which would allow connections only from
Adam> the uid that started the server.
Adam> cookies have to get stored on disk somewhere which sucks for NFS ...
While I disagree that storing cookies in $HOME ‘sucks for NFS’, I very
much agree that a server started w/o -ac and -auth should do exactly
what Adam proposes: allow connections, by default, only from the
starting UID and only from localhost.
When -auth is specified, it should work as it currently does.
Which leaves the interesting question of what should happen if -auth
is not specified, but -ac is?
Not to mention whether -nolisten tcp also should be the default?
Or perhaps the default only w/o -ac and -auth?
-JimC
--
James Cloos <cloos at jhcloos.com> OpenPGP: 1024D/ED7DAEA6
More information about the xorg-devel
mailing list