On Thu, Jul 29, 1999 at 07:24:03PM +0200, Peter Münster wrote:
yes, indeed, starting X via "startx" on a SuSE system (NOT the X-server on tty7 under runlevel 3), is not secure at all. Some weeks ago I constructed a solution:
Ok, it turns out, that my machine has the same problem.. so I decided to try to get your solution up and running on my computer. I ran into some problems along the way... Since I am quite literate in bash syntax among other things, I have come up with a fix or two.
This line in /etc/profile (already done in suse with x = startx): function x { /usr/X11R6/bin/startx $* &> ~/.X.err & }
Ok, here's the first problem I ran into. In my /etc/profile there was already a startx function! (I'm running SuSE 5.3, with various patches and a shiny 2.2.x kernel) I don't know if SuSE has removed this from future releases, but it is already there. Find this line in /etc/profile: function xstart { /usr/X11R6/bin/xstart $* 2>&1 | tee ~/.X.err ; } it should be there, and it is functionally equivalent to what you wrote, Peter. I would suggest renaming some stuff so you don't accidentally open up X with this function or just startx itself, but that's only if you want to implement failsafes... ;)
In ~/.alias: alias xl='cd;x -- -auth .Xauthority;logout'
Ok, this is all good, except you don't really need that ";logout", for anyone not literate in bash syntax, that is the equivalent of typing logout immediately after you kill your xsession.. if anyone reading this is like me, they also use the command line for various programs, so remove the logout part if you intend to use the command line after exiting X.. Otherwise, this part worked great.
In the beginning of ~/.xinitrc: xauth add $DISPLAY . `ps auxw|md5sum|cut "-d " -f1`
Ah, the real workhorse. This is the important part... ps auxw to get some long more or less random output, md5sum and cut to format it nicely. Worked perfectly. Leave this intact.
Then: starting X by "xl".
Yup. And it works like a charm.
Perhaps I forgot something, so write me if you have problems!
*grin* So I fixed it on my own and posted it... oh well.. -- Jeff -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GCS/M/>P d-(pu) s+:- a17>? C++(++++) L+++ UL++(+++)@>++++$ P+ E W++@ N+ o? K- w--- O? M V- PS+ PE(--)@ Y++@ PGP t+ 5 X++@ R++@ !tv@ b++ DI++++ D- G e- h! r++ y? ------END GEEK CODE BLOCK------