[1000] in RedHat Linux List
Re: exmh and .Xauthority
daemon@ATHENA.MIT.EDU (Otto Hammersmith)
Fri Oct 25 18:16:32 1996
From: Otto Hammersmith <ohammers@cu-online.com>
To: redhat-list@redhat.com
Date: Fri, 25 Oct 1996 16:22:30 -0500 (CDT)
In-Reply-To: <32711229.AF01178@iceonline.com> from "BORG" at Oct 25, 96 12:16:57 pm
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com
BORG wrote:
>
> RHS Linux User wrote:
> >
> > I keep getting the security message when trying to run exmh.
> > I am completely confused about how to get the .Xauthority
> > file working. I even downloaded the emxh tar file to look
> > at the misc/.Xauthority stuff. It keeps referring to an
> > .xserverrc file. ??????????
> >
> > Any help will be much appreciated.
>
> My ~.xserverrc:
>
> [vlad@borg vlad]$ cat .xserverrc
> exec X -bpp 16
> [vlad@borg vlad]$
>
> ...but I have no idea why would exmh need it?! What if you
> create an empty file?
exmh needs the X server to be using MIT-MAGIC-COOKIE auth, or better.
not simple xhost based (xhost) authorization.
It's not really an exmh problem, but a Tk thing. Tk has support for
sending messages between multiple wish processes. Exmh uses this to
implement ita' talking to external editors and so on.
Tk does this through the X server.. but if you're not using some kind
of strong authentication, it can be a bigsecurity hole... Image
someone being able to send any kind of mouse/keyboard events he/she
wants for your X server. There is a compile-time optino for wish to
ignore the fact that you have an unsecured X server... but it's not a
good idea ot turn it on, obviously.
So the solution?
The simple solution is to run xdm. the xdm startup scripts are
already set to put a cookie in ~/.Xauthority and remove it when you
log out... all nice and pretty.
If you, like me don't like using xdm (can't figure out how to have
multiple xdm's on different VCs so I don't have to log out every time
my girlfriend wants to use X :), you can rewrite the scripts (startx
is the best place to start) to run X with the proper -auth option and
to add and delete the cookie from ~/.Xauthority. By far the best
way... but if you're like me (again) you're lazy. :)
So, if you're not worried much about security, (i.e., standalone home
system with only a modem for a network connection) you can have a
singlele cookie from session to session. Create a cookie with:
xauth -merge `mkcookie`
Or something like that. The mkcookie(1) manpage should have the exact
command that works. This should add a cookie into your ~/.Xsession
file... it defaults to that. you can overide it with a command line
option or the envronment variable $XAUTHORITY.
Then you need to start your X server with the proper -auth
option... should be something like this (I'm not at home where I have
a note about this)
startx -- -auth ~/.Xauthority
Now, at one point (before my upgrade to 4.0 with my hacked 2.1) that
didn't work at it should have. The startx (maybe it was xinit) script
was not passing the options all the way through to the X server.
Strange problem I never bothered with. (haven't read much mail from
home latedly.. and it's just too fun to run xsnow for xfishtank on
someone else's display. :)
In any case, it might work with 4.0... but it -should- work if you put
hose options in your .xserverrc
So, that should be everything you need to know to get it running
without errors. Of course, most of this information ins in the exmh
FAQ (help:FAQ menu)... but it tooke me about 5 hours of hacking and
reading man pages to figured out exactly what needed to be done on my
Red Hat system... so the FAQ wasn't that useful last I looked.
Good luck.
--
-Otto
--
PLEASE read the Red Hat FAQ, Tips, HOWTO and the MAILING LIST ARCHIVES!
________________________________________________________________________
http://www.redhat.com/RedHat-FAQ http://www.redhat.com/RedHat-HOWTO
http://www.redhat.com/RedHat-Tips http://www.redhat.com/mailing-lists
------------------------------------------------------------------------
To unsubscribe: mail -s unsubscribe redhat-list-request@redhat.com < /dev/null
