Lock screen does not work for root in gnome
Luciano Miguel Ferreira Rocha
strange at nsk.no-ip.org
Mon Oct 18 00:04:53 UTC 2004
On Sun, Oct 17, 2004 at 04:56:12PM -0700, Jamie Zawinski wrote:
> Luciano Miguel Ferreira Rocha wrote:
> >
> > Hm? xscreensaver drops privileges if runned as root, and thus it won't
> > be able to access the X cookies file. Ending up unable to connect to the
> > X server.
>
> You'd rather it did what KDE does and not drop privs at all, running
> arbitrary eye-candy sub-processes as root?
They can't be trusted to run as root? Can they be trusted to be run as
any user at all?
>
> > It's not a case of it refusing to do something insecure. In fact, in its
> > documentation, it states that it's "safe to run xscreensaver as root".
> > But in order for it to work, it asks for a "xhost +localhost".
> >
> > And that I don't find very secure.
>
> It simply follows the security measures in use by the X server. If you
> find those onerous and choose to turn them off, that's your business,
No, I find the documentation dangerous.
> but xscreensaver doesn't do that for you. You could always jump through
> hoops like this instead:
> xauth -f /home/$USER/.Xauthority nextract - $DISPLAY | xauth nmerge -
Why can't xscreensaver do that when run as root? If it sandboxes it
self when it thinks it a necessity, then it should at least do it
properly and fully.
Regards,
Luciano Rocha
--
Consciousness: that annoying time between naps.
More information about the devel
mailing list