* Lukas Latz <[EMAIL PROTECTED]> [20030325 13:21 PST]: > Barry, > > su -m surely does it. So what property that's carried over is it that > makes the difference?
Two things. Environment variables, to be precise. The two in question are DISPLAY and XAUTHORITY. The former tells X clients where the display is (after all, it could be another X server on this machine, or another machine entirely ... it s X after all =). The latter tells X clients how to authenticate themselves to that display. Your display is smart enough to not just allow anybody that tries to connect to it. The dangers of such actions are greater than just anybody being able to display nasty pictures on your screen, but also to take more control over your X session's behavior, such as changing the way your pointer and/or keyboard behave. Note that using xhost generally leaves your arse wide open like this, which is why You Should Never Use Xhost. (If you don't know what xhost is, great. Just know that if anybody ever tells you to use it, they're giving you bad advice.) The XAUTHORITY environment variable points to a file in which a 'magic cookie' is stored. The X server won't allow any client to connect if it doesn't know the magic cookie. When you 'su -m', your original XAUTHORITY environment variable is still present in root's environment. This points at a file in your non-root-user's home directory. Since you're now root, you have permission to read that file and get the magic cookie contained inside. The corollary is that this method won't work (without a minor adjustment) when using 'su -m' to become another non-root user. For that, you can either use the xauth tool or modify the permissions on your xauthority file to allow the other user to read it. (Or you can manually give them the cookie, which is basically something that xauth will help you do less manually.) good times, Vineet -- http://www.doorstop.net/ -- "If we do not believe in freedom of speech for those we despise we do not believe in it at all." --Noam Chomsky
pgp00000.pgp
Description: PGP signature
