Re: Re: su/sudo cannot X
- From: hendrik@xxxxxxxxxxxxxx
- Date: Wed, 18 Jan 2006 22:15:57 -0500
On Wed, Jan 18, 2006 at 08:55:58PM -0500, Lei Kong wrote:
> thanks, sux works beautifully.
> but still I don't understand why sudo -s has problems,
> and on my desktop, on problem at all, and I don't remember
> doing special thing on it.
>
> As about the security concern, why is it more secure not to
> let root log into X than otherwise? why is not letting root start X
> client after su/sudo by default a good policy? I just feel it is a
> bit funny, root can do anything, it just can't open a damn window.
> Maybe I really need to dig into xauth manual for an answer.
I've been told that if a process has a window on an X server, it can
create fake events on any of the windows on the X server. This was,
ages ago, a building block for various nice user interfaces, decades
before anybody was serious about computer security. So an open root
window wound be easy prey for any stray process that managed to put
anything on your screen.
Anybody know how true this is?
-- hendrik
--
To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx
with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx
- Follow-Ups:
- Re: Re: su/sudo cannot X
- From: Jon Dowland
- Re: su/sudo cannot X
- From: John Hasler
- Re: Re: su/sudo cannot X
- References:
- Re: su/sudo cannot X
- From: Edward J. Shornock
- Re: Re: su/sudo cannot X
- From: Lei Kong
- Re: su/sudo cannot X
- Prev by Date: Re: Re: su/sudo cannot X
- Next by Date: Logical Volume Manager and RAID
- Previous by thread: Re: Re: su/sudo cannot X
- Next by thread: Re: su/sudo cannot X
- Index(es):
Relevant Pages
|
