[1250] in bugtraq
Sgi Xauthority Strangeness
daemon@ATHENA.MIT.EDU (Paul Danckaert)
Tue Mar 14 13:03:56 1995
Date: Tue, 14 Mar 1995 10:38:02 -0500
From: Paul Danckaert <pauld@umbc.edu>
To: bugtraq@fc.net
I was poking around the xdm man page (under Irix 5.3) and found the
following note, which I hadn't heard very much of before:
Warning for SGI installations: With X authorization on,
clients can still connect to the display using shm:0,
even if they are not "authorized" to do so. As a
workaround for this bug, you can disable the use of the
shared memory transport, by adding the -shmnumclients 0
option to the X invocation in
/usr/lib/X11/xdm/Xservers (see the Xsgi man page).
I checked a few machines here, and sure enough, if you can log onto the
machine, you can disable their xauthority and open the display. Looking
back at a 5.2 machine, it would appear to work fine there also.
Now, its nice to document it in the man page, but I've not heard this
mentioned before, so I thought I would pass it along..
Paul Danckaert, Systems