[ANNOUNCE] libxcb 1.8.1
Alan Coopersmith
alan.coopersmith at oracle.com
Fri Mar 9 10:52:05 PST 2012
On 03/ 9/12 07:08 AM, Timo Juhani Lindfors wrote:
> Julien Danjou<julien at danjou.info> writes:
>> Julien Cristau (1):
>> Fallback to TCP if no protocol is specified and the UNIX
>> connection fails
>
> This sounds like a potential security problem. What's the rationale
> behind this change?
Why would it be a security problem? It's matching the behavior that Xlib
has had for years - if you specify a connection without a protocol (say ":0"),
it tries to find "the best" working protocol - if you want a specific protocol
(tcp, unix socket, etc.) then you specify that in your $DISPLAY or
XOpenDisplay() argument - tcp/remote:0, unix/localhost:1, etc.
Unfortunately, our documentation covering this sucks - I can't
actually remember or find a man page explaining this. X(7) comes
close but is missing the protocol/... bit.
http://cgit.freedesktop.org/xorg/lib/libX11/tree/src/ConnDis.c?id=libX11-1.3.6#n98
is in fact the best description I know of
for it.
--
-Alan Coopersmith- alan.coopersmith at oracle.com
Oracle Solaris Engineering - http://blogs.oracle.com/alanc
More information about the xorg
mailing list