xauth: needs cookie handling warnings in man page
Michael Gilbert
michael.s.gilbert at gmail.com
Sun Jul 24 11:42:52 PDT 2011
Jamey Sharp wrote:
> Reviewed-by: Jamey Sharp <jamey at minilop.net>
>
> but there are a few things I'd quibble about. First, of course, the
> debian/changelog hunk doesn't go upstream. :-) A patch to the upstream
> repo in git-format-patch format would be easier to apply; see
> http://wiki.x.org/wiki/Development/Documentation/SubmittingPatches
>
> On Fri, Jul 22, 2011 at 11:18:35PM -0400, Michael Gilbert wrote:
> > --- xauth-1.0.6.orig/man/xauth.man
> > +++ xauth-1.0.6/man/xauth.man
> > @@ -90,6 +90,10 @@
> > A protocol name consisting of just a
> > single period is treated as an abbreviation for \fIMIT-MAGIC-COOKIE-1\fP.
> >
> > +WARNING: This usage is considered insecure since the secret magic cookie
> > +will be displayed in command histories and for example the output of ps.
> > +One should use the "merge" command (as described below) instead. Pay
> > +attention to it's warning as well.
>
> s/it's/its/
>
> The "add" command is fine when used interactively, surely? This warning
> only applies to passing a subcommand as command-line arguments to xauth?
Yes, that's correct. I've updated the wording to clarify that. See
new attached patch in git-format-patch format.
Please cc me on replies.
Best wishes,
Mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: xauth.patch
Type: text/x-diff
Size: 1676 bytes
Desc: not available
URL: <http://lists.x.org/archives/xorg-devel/attachments/20110724/ad9c8649/attachment.patch>
More information about the xorg-devel
mailing list