On 2014-07-22 23:11:21 +0200, Martin Steigerwald wrote: > Am Dienstag, 22. Juli 2014, 17:48:24 schrieb Vincent Lefevre: > > To be able to save/restore the XKB keymap in a /etc/pm/sleep.d script > > (as a workaround for Debian bug 633849), xkbcomp needs to have access > > to the display. The simplest solution I've found is a > > > > xhost +si:localuser:root > > > > in my .xsession file. > > I think more fine grained would be to use xauth extract / xauth merge.
Yes, perhaps a merge with ~root/.Xauthority > Or just: > > export XAUTHORITY=/home/$USER/.Xauthority No, this will clash with gdm3 (if I choose to use it again). > > I thought that this would be more or less equivalent to the current > > status as root can due pretty much anything, such as getting the > > user's X authority file via /proc/*/environ (my sleep.d script > > could do the same thing, but this is a rather dirty solution). > > Hmmm, okay, so tought about this solution. Why do you think it is dirty? This is potentially insecure. I'm the only user of the machine, but I want to method to still be safe if there are other users, just in case. Some user may introduce fake XAUTHORITY values, such as a symlink pointing to some /dev file... I don't like that. > > > > [*] https://lists.debian.org/debian-user/2014/05/msg00045.html > > http://superuser.com/a/573839 (This one even says that this > > isn't much different from a raw "xhost +"!) > > Well root can always set XAUTHORITY to some random user .Xauthority > file, so I don´t see much of a difference. The problem is that "xhost +" allows other non-root users to accede the display of the user doing the "xhost +". "xhost +si:localuser:root" doesn't have this problem. -- Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon) -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140723115359.ga6...@xvii.vinc17.org
