Loading ...
Sorry, an error occurred while loading the content.

Re: [twinklephone] Twinkle Command Line Configuration

Expand Messages
  • Christian Jaeger
    You shouldn t use xhost to manage access, since it s insecure in most situations. Use the tool sux instead of su and X credentials are passed along
    Message 1 of 7 , May 17, 2012
    View Source
    • 0 Attachment
      You shouldn't use xhost to manage access, since it's insecure in most situations.

      Use the tool "sux" instead of "su" and X credentials are passed along automatically. It's in the package of the same name in Debian, dunno about other distros.

      Christian.

    • joerg
      Do 17. Mai 2012 ... well, first and foremost you should run twinkle under same user as your other apps and X. But if that s not feasible and you need to
      Message 2 of 7 , May 17, 2012
      View Source
      • 0 Attachment
        Do 17. Mai 2012
        > You shouldn't use xhost to manage access, since it's insecure in most
        > situations.
        >
        > Use the tool "sux" instead of "su" and X credentials are passed along
        > automatically. It's in the package of the same name in Debian, dunno about
        > other distros.
        >
        > Christian.
        >
        well, first and foremost you should run twinkle under same user as your other
        apps and X. But if that's not feasible and you need to connect to X of a
        foreign user, then yes, there are better methods than xhost.

        Thanks Christian :-)
        /j
      • Christian Jaeger
        2012/5/18 joerg ... Hm, nitpicking: X runs as root. You probably meant, as your other apps and your X (desktop|window manager) .
        Message 3 of 7 , May 24, 2012
        View Source
        • 0 Attachment
          2012/5/18 joerg <joerg.twinklephone@...>
          you should run twinkle under same user as your other
          apps and X.

          Hm, nitpicking: X runs as root. You probably meant, "as your other apps and your X (desktop|window manager)".

          But then, I actually never run Twinkle as that user. Instead I've got a dedicated user just for Twinkle, and use "sux --untrusted" to run twinkle as that user and let it safely show up in my X session. This gives me some leeway in case the arbitrary code execution bugs that C is so famous in gifting one's programs with are being taken advantage of.

          I do this with other apps, too. (Android does it by default, which is a concept that Linux distros should borrow, IMHO.)

          Christian.

        Your message has been successfully submitted and would be delivered to recipients shortly.