xserver: do we still need Fopen() ?

Enrico Weigelt, metux IT consult info at metux.net
Fri Feb 2 13:45:35 UTC 2024


Hello folks,

I wonder whether we still need the Fopen() function.

It's a funny and complicated way of loading a file with dropped privs
(by calling `cat` on that file !).

The only call site is LoadAuthorization() (auth.c) for loading the
Xauthority file (if one was passed to xserver via -auth arg). But this
doesn't make much sense to me: why should the xserver - if started as
root (but dropping privs) - be prevented from reading an xauth file ?
And do we still need the complicated exec'ing code path ?

And is there still any need to run it as root at all ?

Am I missing something ?

--mtx

--
---
Hinweis: unverschlüsselte E-Mails können leicht abgehört und manipuliert
werden ! Für eine vertrauliche Kommunikation senden Sie bitte ihren
GPG/PGP-Schlüssel zu.
---
Enrico Weigelt, metux IT consult
Free software and Linux embedded engineering
info at metux.net -- +49-151-27565287


More information about the xorg-devel mailing list