On Sat, 2009-03-14 at 13:50 -0400, James Cloos wrote: > >>>>> "Adam" == Adam Jackson <[email protected]> writes: > > Adam> Currently, if you start X without -ac and without -auth, > Adam> the default connection policy is to allow connections from > Adam> localhost. ... > > Adam> I'd like to see a mode where the default policy is effectively > Adam> +si:localuser:`id -un`, which would allow connections only from > Adam> the uid that started the server. > > Adam> cookies have to get stored on disk somewhere which sucks for NFS ... > > While I disagree that storing cookies in $HOME ‘sucks for NFS’,
I should have clarified. It sucks because NFS is unencrypted and storing your auth cookies there means the whole wire gets to read them. If you trust everyone on your local network, great. > Which leaves the interesting question of what should happen if -auth > is not specified, but -ac is? -ac means "disable access control". > Not to mention whether -nolisten tcp also should be the default? > Or perhaps the default only w/o -ac and -auth? In the absence of a -listen, that would be unpleasant. Not that you're necessarily wrong. - ajax
signature.asc
Description: This is a digitally signed message part
_______________________________________________ xorg-devel mailing list [email protected] http://lists.x.org/mailman/listinfo/xorg-devel
