Re: [help-gnubatch] gbch-xq
From: Reuti
Subject: Re: [help-gnubatch] gbch-xq
Date: Sun, 24 Oct 2010 13:54:51 +0200
On 23.10.2010 at 17:06, John Collins (Xi Software Ltd) wrote:
> On 18/10/10 06:32, Jan Schampera wrote:
>> Todd Jackson wrote:
>>
>> > gbch-xq: Warning! /home/tjackson/.gnubatch exists but is not readable!
>>
>> Is it (for the RUID, you)?
>>
>>> I'm pretty sure this is because this program is setuid gnubatch, but does
>>> anyone know a way to avoid having to do the xhost command (and disabling X
>>> security)?
>>
>> This could be managed by separating the display access to RUID and doing the
>> work using the permissions it gets from the SetUID bit. I don't know if this
>> is that easy to do in the current code. Maybe Mr. Collins knows off the top of
>> his head (i.e. playing *UID switching for API access and user interface).
> I've been playing around with this and alas the problem is with the GTK+
> library.
>
> The GTK+ library aborts if RUID, EUID and Saved-SetUID are not all the same.
>
> The semantics of setreuid(r, e) are that if r is set (even if the effect
> would be to leave it unchanged) Saved-SetUID is set to the new value of the
> RUID. (If you put -1 as the new RUID it leaves that and the Saved-SetUID
> alone). Once Saved-SetUID has been set you can't change it back.
>
> So we need to do either
>
> setreuid(Realuid, Realuid)
>
> or
>
> setreuid(Effuid, Effuid)
>
> before GTK will work.
>
> If we do the first, then the message queue can't be accessed.
>
> If we do the second, then you need all this "xhost +" before gbch-xq will
> work and problems with accessing the files if $HOME is set 700.
What about:
$ ssh -X address@hidden gbch-xq
I get a window w/o "xhost +" this way.
-- Reuti
> I suppose it could be set-user root but I have a paranoia (which I know is
> widespread) about having things set-user root when they shouldn't be.
>
> I think GTK+ ought not be so fascist myself. People know what they're coding.
> Set-user to something other than root ought to be encouraged not shrouded in
> mystery.
>
> --
> John Collins address@hidden Xi Software Ltd www.xisl.com
>
> Phone: +44 (0)1707 886110 Home Phone: +44 (0)1707 883174
> Mobile: +44 (0)7958 387247 (address@hidden)
>
> Trading Address 3 Mandeville Rise, Welwyn Garden City, Herts, AL8 7JT, UK
>
> Registered in England Company Number 01977148 VAT GB 403 9239 64 R/O: 2 Mill
> Road, Haverhill, Suffolk, CB9 8BD
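
The credential arithmetic discussed in this thread, as an added example that is not part of the original messages and is not GNUbatch or GTK+ code: a small C model of setreuid() for an unprivileged caller, following the Linux setreuid(2) manual page, next to the all-IDs-equal check the thread attributes to GTK+. The UIDs 1000 and 200 and all function names are constructed for illustration.

```c
#define _GNU_SOURCE            /* for getresuid() */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

struct creds { uid_t r, e, s; };   /* real, effective, saved set-user-ID */

/* Read the calling process's three user IDs. */
static int creds_current(struct creds *c) {
    return getresuid(&c->r, &c->e, &c->s);
}

/* The condition the thread attributes to GTK+: all three IDs identical. */
static int creds_uniform(const struct creds *c) {
    return c->r == c->e && c->e == c->s;
}

/* Model of setreuid(r, e) for an unprivileged caller, per Linux setreuid(2).
 * Returns 0 and updates *c, or -1 where the kernel would refuse (EPERM). */
static int model_setreuid(struct creds *c, uid_t r, uid_t e) {
    const uid_t keep = (uid_t)-1;
    struct creds n = *c;
    if (r != keep) {                       /* new real: old real or effective */
        if (r != c->r && r != c->e) return -1;
        n.r = r;
    }
    if (e != keep) {                       /* new effective: any held ID */
        if (e != c->r && e != c->e && e != c->s) return -1;
        n.e = e;
    }
    /* Saved ID follows the new effective ID once the real ID is named, or
     * the effective ID moves to something other than the old real ID. */
    if (r != keep || (e != keep && e != c->r)) n.s = n.e;
    *c = n;
    return 0;
}

static void show(const char *what, const struct creds *c) {
    printf("%-28s r=%ld e=%ld s=%ld uniform=%d\n", what,
           (long)c->r, (long)c->e, (long)c->s, creds_uniform(c));
}

int main(void) {
    /* Constructed IDs: 1000 = invoking user, 200 = set-user ID owner. */
    struct creds now, a = {1000, 200, 200}, b = a, t = a;
    if (creds_current(&now) == 0) show("this process", &now);
    model_setreuid(&a, 1000, 1000);      show("setreuid(Realuid, Realuid)", &a);
    model_setreuid(&b, 200, 200);        show("setreuid(Effuid, Effuid)", &b);
    model_setreuid(&t, (uid_t)-1, 1000); show("setreuid(-1, Realuid)", &t);
    return 0;
}
```

Only the third call leaves the saved ID at 200, so the process can still switch back, but the three IDs then differ and the uniform check fails.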