On Sun, Oct 17, 2004 at 04:56:12PM -0700, Jamie Zawinski wrote:
Luciano Miguel Ferreira Rocha wrote:
>
> Hm? xscreensaver drops privileges if runned as root, and thus it won't
> be able to access the X cookies file. Ending up unable to connect to the
> X server.
You'd rather it did what KDE does and not drop privs at all, running
arbitrary eye-candy sub-processes as root?
They can't be trusted to run as root? Can they be trusted to be run as
any user at all?
> It's not a case of it refusing to do something insecure. In fact, in its
> documentation, it states that it's "safe to run xscreensaver as
root".
> But in order for it to work, it asks for a "xhost +localhost".
>
> And that I don't find very secure.
It simply follows the security measures in use by the X server. If you
find those onerous and choose to turn them off, that's your business,
No, I find the documentation dangerous.
but xscreensaver doesn't do that for you. You could always jump
through
hoops like this instead:
xauth -f /home/$USER/.Xauthority nextract - $DISPLAY | xauth nmerge -
Why can't xscreensaver do that when run as root? If it sandboxes it
self when it thinks it a necessity, then it should at least do it
properly and fully.
Regards,
Luciano Rocha
--
Consciousness: that annoying time between naps.