[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [help-gnubatch] gbch-xq

From: John Collins (personal)
Subject: Re: [help-gnubatch] gbch-xq
Date: Mon, 25 Oct 2010 10:16:32 +0100
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv: Gecko/20101006 Lightning/1.0b2 Thunderbird/3.1.5

On 25/10/10 06:34, Jan Schampera wrote:
Reuti wrote:

What about:

$ ssh -X address@hidden gbch-xq

I get a window w/o "xhost +" this way.

-- Reuti

Yes, there are several "on the fly" solutions for it, ssh, xhost +, share the MIT magic cookie, ..., but that's not a "solution" per se, i.e. something that will work out of the box and transparently, and doesn't need additional interaction or breaks security.

The solution is to stop using message queues which is exactly what I'm doing in the new version.

That is the only reason currently to hang on to set-user to gnubatch as message queues have no "open" equivalent which does the permission check once at the beginning - message queues check the send or receive operation against the EUID on every call.

Obviously if you make the message queue wide open you've got a nice big security hole.

And message queues are expensive and a pain in other respects in that other applications can saturate the available pool of messages in the kernel and cause gnubatch to fall over because it can't send any. (This is less of a problem on Linux than most UNIX versions).

John Collins address@hidden
Phone: +44 (0)1707 883174 Mobile: +44 (0)7958 387247 Work Phone: +44 (0)1707 886110
3 Mandeville Rise, Welwyn Garden City, Herts, AL8 7JT, UK

reply via email to

[Prev in Thread] Current Thread [Next in Thread]