| View previous topic :: View next topic |
| Author |
Message |
depontius
Advocate
Joined: 05 May 2004
Posts: 3526
|
 Posted: Wed Feb 20, 2008 7:02 pm Post subject: Xnest and xauth [SOLVED] |
 |
|
I recently added a second LCD panel for my deskside. Two panels side-by-side were a bit wide, so I've rotated them. It all works, and gives me an effective 2400x1600 display.
But I have one application that just doesn't play well on a display that big/tall. I'm not sure why, but it's proprietary, closed source, etc. So for now I'm trying to work around the problems. Appropriately I've tried using Xnest to set up a 1200x900 (4:3 ratio, fits on one screen) display. I'm able to display the proprietary application on it, and the problems go away.
But I have no security. Any program can "export DISPLAY=:1" and put things on the Xnest display, which also means they could spy keystrokes on that application, which is completely unacceptable. (That particular application requires some decent level of security.) I'm starting the server with:
| Code: | #!/bin/bash
MCOOKIE=`mcookie`
addIt="boxname/unix:1 MIT_MAGIC_COOKIE-1 ${MCOOKIE}"
echo "addIt=${addIt}"
xauth -f ${HOME}/.nXauth add ${addIt}
xauth -f ${HOME}/.nXauth list
Xnest -br -auth ${HOME}/.nXauth -geometry 1188x891 :1 &
xauth -f /${HOME}/.nXauth list
export XAUTHORITY=${HOME}/.nXauth
export DISPLAY=:1
xterm &
exec icewm |
For the moment I'm only starting an xterm, and there's obviously a bit of flailing going on, here. But the upshot is that I'm not able to get the Xnest session secured by xauth. The man page for Xnest is pretty sketchy, and doesn't include some of the options I'm using. On the other hand, Xnest seems to be quick to complain if I give it options that don't exist, for instance a typo.
Suggestions?
_________________
.sigs waste space and bandwidth
Last edited by depontius on Thu Feb 21, 2008 1:01 pm; edited 1 time in total |
|
| Back to top |
|
 |
Wormo
Retired Dev
Joined: 29 Nov 2004
Posts: 526
Location: SB County California
|
| Posted: Thu Feb 21, 2008 12:38 am Post subject: |
|
|
There is something wrong with the way you are generating your authority file. If Xnest doesn't like what is passed in with -auth, then it runs in fully open mode like you are seeing.
Try this ('.' is short for mit magic cookie)
| Code: |
xauth -f /tmp/AUTH add ":1" . `mcookie`
Xnest -br -auth /tmp/AUTH :1
|
You should need XAUTHORITY=/tmp/AUTH to start up any clients on display :1 |
|
| Back to top |
|
|
depontius
Advocate
Joined: 05 May 2004
Posts: 3526
|
| Posted: Thu Feb 21, 2008 1:01 pm Post subject: |
|
|
Your way works.
Don't know why, but I go back and do my way at the command line and it works, too. Was there something special about the authority file being in /tmp instead of a different name in my $HOME?
_________________
.sigs waste space and bandwidth |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
