On Fri, Jul 01, 2016 at 03:38:26PM +0200, Matthieu Herrb wrote: > > If you spend some time providing a set of nice resouces for xmessages > and keep it minimalistic, I think we can include your suggestion. I've > been waiting for other comments.
Personally I would be a bit reluctant to xmessage stuff (at least "as it"), but it could be only due to my ignorance in the deep of X11 protocol. It is the fact that xmessage would be run as root that worry me a bit. My first react (with first version where xmessage wasn't killed in GiveConsole) was "how is it possible to low-level interact with this X11 app" (I didn't take the time to check it for now). For comparing, the other program, xconsole(1), which is started by Xsetup_0, has privsep. Now, as xmessage(1) would be only used to provide UI to user, it should be possible to run it as _x11 (or other unpriviligied user). The useful information is the exit code of the program, so the rest of the script (the "case...esac" stuff) could be run as root and only read the exit code of an unpriviligied one. About the "pkill" in GiveConsole, I think it should be more "restricted" (with -U, -x ...) : else any running xmessage(1) program on the host will be killed (remote X11 xmessage on the host while another user log using xdm). -- Sebastien Marie
