On 01/27/15 08:16 AM, Roland Mainz wrote:
See Xsecurity(7) manual page... the SUN-DES-1 MIT-KERBEROS-5 and
ServerInterpreted auth (see $ xhost +si:localuser:root # example in
the man page, likely your preference if you only need Xvfb locally)
are user-to-user authentification mechanisms...
Thou
On Tue, Jan 13, 2015 at 11:22 PM, Billy Wilson wrote:
> Hi,
>
> I have a question about using Xvfb securely on a multi-user system. We are
> currently using xorg-x11-server-Xvfb-1.10.4-6.el6.x86_64. Our main reason
> for using Xvfb is to accommodate one of our users, whose scientific
> computing
Glynn,
We ended up patching the source as you recommended.
We were a little surprised to discover that tightening the umask or mode
prior to socket creation did not prevent others from connecting to Xvfb.
So our second approach was to compare the EUID of the Xvfb process with
the EUID of the
Citējot Billy Wilson :
Hi,
I have a question about using Xvfb securely on a multi-user system.
We are currently using xorg-x11-server-Xvfb-1.10.4-6.el6.x86_64. Our
main reason for using Xvfb is to accommodate one of our users, whose
scientific computing software requires an X server for s
Billy Wilson wrote:
> Is there a way to secure Xvfb during an installation from source, such
> as during ./configure?
I don't think that you're going to get the behaviour you desire
without patching the source.
--
Glynn Clements
___
xorg@lists.x.or
Thanks Glynn, these are some good options.
Is there a way to secure Xvfb during an installation from source, such
as during ./configure?
Thanks,
Billy Wilson
On 01/14/2015 05:09 AM, Glynn Clements wrote:
Billy Wilson wrote:
I have a question about using Xvfb securely on a multi-user system
Billy Wilson wrote:
> I have a question about using Xvfb securely on a multi-user system. We
> are currently using xorg-x11-server-Xvfb-1.10.4-6.el6.x86_64. Our main
> reason for using Xvfb is to accommodate one of our users, whose
> scientific computing software requires an X server for some
