On Sun, 30 Jan 2000, Patrick O Neil wrote:
> Sorry, I wasn't expressing anger...it is hard to express anything with email
> text. I am just curious about the logic of thinking that su not being able
> to connect to :0.0 as a security issue given that to someone running as su,
> security is no longer an issue. Su supercedes all security measures, thus
> something minor like preventing su from connecting to a user's display can
> hardly do anything for security. I was trying to emphasize that su/root on
> anyone's system is capable of doing anything at all so that something like
> preventing a connection to display is ridiculous. I can see it for anyone
> BUT su, however.
your fundamental logical flaw is in thinking of X as being part of the
operating system. correct me if i'm wrong, but X is a *user-level*
application, and as such, is quite within its bounds to discriminate
against anyone who tries to open up a new window on the display.
think about it -- i can write a trivial program which, first off,
checks the effective ID of the caller. if that person is root,
i can refuse to run. my prerogative, and nothing to do with the fact
that root has unlimited power. that power is unlimited for *OS-level*
stuff, and may have no effect on user-level stuff, period.
if it makes it any easier, don't think of this as a matter of security
so much as a matter of good manners. if *i* start X on a machine,
it's my display. *mine*. and i have the right to determine who can
and cannot clutter up my display with other client windows. root
has no more privilege than anyone else.
does this make sense?
rday
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
