Branden Robinson wrote:
> > I just saw no reason to disallow (e.g. not to

I'm sorry, I meant i.e., not e.g.

> > allow by default) root to connect to the xserver of "its" machine. And
> > it really annoys me and I'm sure there're a lot of newbies who feel the
> > same.
> It's not a matter of being explicitly disallowed.

I know.

[Explanation about X security]

I think you have a false impression of me. Although I've been using *ix for just half a year, I don't see myself as a newbie. I know very well the security implications of X networking.

> > The reason I formulated the enhancement request (bug #44109 really is)
> > as a question was that I wasn't sure if I miss something. But you
> > acknowledged that there's no real security risk. So, my initial
> > question remains to be answered.
> Well, for one thing, bug 44019 should have been filed with "Severity:
> wishlist".

Agreed.

> I have reviewed the mails I sent you and do not see where I said "there's
> no security risk." A user doesn't really have any expectation of security
> or privacy on a machine where he or she is not also the administrator.

Message-ID: <[EMAIL PROTECTED]>
>> How should the (in the FAQ) proposed XAUTH-solution be a security
>> problem?
>It isn't (well, there are ways you can get careless with it, but...).

> You apparently feel that some kind
> of hackery should be placed by DEFAULT into the root startup scripts that
> permit this kind of thing.

Yes. I think the (in the FAQ) proposed XAUTH-solution should be the default.

> I disagree. Your system is yours and you may
> customize it as you please; but you cannot reasonably expect your
> preferences to be shared by all other users of Debian.
> It's simply part of Debian's philosophy to provide the user and system
> administrator with as customizable an environment as possible. Sometimes
> this means requiring novices to learn a thing or two rather than forcing
> experts to forget everything they ever knew. Debian caters to both
> audiences, and compromises must inevitably be struck.

The problem is not that I don't want to customize the system. The opposite is true: I'm using free OSes exactly for that reason. This thing really annoys me, but I filed that bug report because I think it's the case for a lot of people and I still don't see any reason why this shouldn't be the default. Why should "experts" want root not to be able to connect to the local X server? Even on a multiuser system, there's no security problem, since root can connect whenever it wants to.

> > If you still feel this is a waste of your time and don't answer (feel
> > free to do so), I'll forward this msg to debian-user.
> If you don't understand what I'm saying or why, please do.

Added debian-user to recipient list.

--
Ben Bucksch
http://www.bucksch.com