Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

why is xauth needed? #30

Open
apprehensions opened this issue Nov 27, 2022 · 4 comments
Open

why is xauth needed? #30

apprehensions opened this issue Nov 27, 2022 · 4 comments

Comments

@apprehensions
Copy link

The xauth program is used to edit and display the authorization information used in connecting to the X server.

if removing this from the sx program still makes X function, why is it required as a dependency? is the XAUTHORITY and authentication for security purposes for Xorg applications?
@Earnestly
Copy link
Owner

Earnestly commented Nov 27, 2022
edited
Loading

Yes, see Xsecurity(7) and X(7). X11 is a network protocol that often happens to run on localhost (Xorg used to use a tcp connection in the past but now defaults to a local connection), and without either xauth or xhost based authorisation any user on the system can access your xserver.

If no other authorization mechanism is being used, this list initially consists of the host on which the server is running as well as any machines listed in the file /etc/Xn.hosts, where n is the display number of the server.

It might be nice to use xhost with the Server Interpreted but it has been awhile since I've thought about it and recall some issue with this approach not working out.

Another option, which would have been nice, is using xauth generate as it could remove the dependency on /dev/urandom. The problem then is that xauth generate requires an already running Xserver (DISPLAY) in order to generate an Xauthority entry, but the Xauthority is needed for the -auth flag when starting the server, making this a catch-22 problem.

If you can go through all of the documentation and find a way to reduce sx further, you're more than welcome to have a go. Ultimately wayland will probably replace all of this eventually, so you may want to spend your time in other ways.

@apprehensions
Copy link
Author

apprehensions commented Nov 27, 2022
edited
Loading

Ultimately wayland will probably replace all of this eventually

yeah unfortunately...

i want to run wayland as well but i'm going to pull in the X server dependencies anyway (Xwayland) so whats the point?

@Earnestly
Copy link
Owner

It may dissipate over a long enough time peroid, one can hope.

@apprehensions
Copy link
Author

still tho, having the 'con' of any program being able to access the Xserver can mean i no longer need xauth, libXmu, xhost.

alternatively, sx can be re-written in C for native X startup or management along other things.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Earnestly @apprehensions