Re: Forking Java GUI Apps
From: Sadrul H C (imadil_at_gmail.com)
Date: 09/30/04
- Previous message: Pete Zaitcev (OTID1): "Re: remap_page_range with addresses above 4GB"
- In reply to: Kasper Dupont: "Re: Forking Java GUI Apps"
- Next in thread: Kasper Dupont: "Re: Forking Java GUI Apps"
- Reply: Kasper Dupont: "Re: Forking Java GUI Apps"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: 29 Sep 2004 22:20:08 -0700
Kasper Dupont <kasperd@daimi.au.dk> wrote in message
news:<415AA4FF.6D5986BF@daimi.au.dk>...
> Sadrul H C wrote:
> >
> > you can set the uid of the forked child process to another user. that
> > should prevent the child from making any successful X-server calls.
>
> This is a misunderstanding. You don't communicate
> with the X-server through function calls. You
> communicate over a socket.
thanks for clearing that up :)
>
> To prevent a process from communicating with the
> X-server you must do two things. Prevent it from
> using an already established socket, that would
> usually just mean close it. And you must prevent
> it from getting the cookie. Usually you read the
> cookie from ~/.Xauthority unless overriden by a
> XAUTHORITY environment variable. But even if it
> does not have read access to that file, it may
> still find the cookie if it exist in the process
> address space. A successfull execve call will
> remove it from address space.
if from root, i wanted to run a child process which
communicates with the X server as a low-privileged
user, then i change the permission levels to that
~/.Xauthority file so that the user can read from it.
is that a good way of doing things?
-- Adil
- Previous message: Pete Zaitcev (OTID1): "Re: remap_page_range with addresses above 4GB"
- In reply to: Kasper Dupont: "Re: Forking Java GUI Apps"
- Next in thread: Kasper Dupont: "Re: Forking Java GUI Apps"
- Reply: Kasper Dupont: "Re: Forking Java GUI Apps"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
