Path: utzoo!utgpu!water!watmath!clyde!bellcore!rutgers!ucsd!ucsdhub!hp-sdd!hplabs!hpda!hp-sde!hpfcdc!hpfclp!diamant
From: diamant@hpfclp.SDE.HP.COM (John Diamant)
Newsgroups: comp.windows.x
Subject: Re: Xlock small fix, X security
Message-ID: <9740041@hpfclp.SDE.HP.COM>
Date: 20 Jul 88 01:23:21 GMT
References: <10508@udenva.cair.du.edu>
Organization: HP SDE, Fort Collins, CO
Lines: 26

> It seems the proper way to get the machine name is
> through the environment variable DISPLAY if it is defined; my fix was to
> use getenv(DISPLAY) if non-NULL, otherwise use unix:0. Perhaps unix:0.0
> would be more portable?

Actually, the proper way is to call XOpenDisplay(NULL) and let the system
pick the default. The getenv(DISPLAY) is unnecessarily non-portable because
it is Unix-specific. XOpenDisplay will open the default display. The only
time a non-null value should be passed to XOpenDisplay is if the user
specified a value on the command line.

Re: X security and lack of such

> non-existent X security model is a disaster in the making. How can we
> get started in preventing it?

Well, starting a mailing list might be worth it. The biggest problems, as I
see it, are the lack of access control to server ids (they're all global),
and the lack of user access control (as opposed to machine). Project Athena
happens to have a good solution to the second one already (Kerberos). So,
really the big problem is the first one.

John Diamant
Software Development Environments
Hewlett-Packard Co.    ARPA Internet: diamant@hpfclp.sde.hp.com
Fort Collins, CO       UUCP: {hplabs,hpfcla}!hpfclp!diamant