Disabling RECORD by default
Keith Packard
keithp at keithp.com
Mon Jun 20 18:00:37 UTC 2016
Adam Jackson <ajax at nwnk.net> writes:
> Does this imply that XDMCP users don't deserve accessibility, since we
> can't get a peer gid from a TCP socket? Seems suboptimal.
Without additional work, you would have to choose between security or
functionality.
With a little work, one can imagine using the SECURITY extension to
construct a new authorization token that would be used to limit access
to the extensions needed for accessibility. Getting that integrated into
the desktop environment will take more work than the simple GID-based
access control I proposed, but it's all feasible.
--
-keith
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 810 bytes
Desc: not available
URL: <https://lists.x.org/archives/xorg-devel/attachments/20160620/24909d5d/attachment.sig>
More information about the xorg-devel
mailing list