From owner-freebsd-x11@FreeBSD.ORG Tue Jan 11 00:30:09 2005 Return-Path: Delivered-To: freebsd-x11@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C9D2916A4CE; Tue, 11 Jan 2005 00:30:09 +0000 (GMT) Received: from niobe.ijs.si (mail.ijs.si [193.2.4.66]) by mx1.FreeBSD.org (Postfix) with ESMTP id ED20043D1F; Tue, 11 Jan 2005 00:30:08 +0000 (GMT) (envelope-from dejan.lesjak@ijs.si) Received: from localhost (localhost.ijs.si [127.0.0.1]) by niobe.ijs.si (Postfix) with ESMTP id 0E2F41DD4BE; Tue, 11 Jan 2005 01:30:08 +0100 (CET) Received: from niobe.ijs.si ([127.0.0.1]) by localhost (niobe.ijs.si [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 19049-05; Tue, 11 Jan 2005 01:29:28 +0100 (CET) Received: from metatron.ijs.si (metatron.ijs.si [193.2.4.152]) by niobe.ijs.si (Postfix) with ESMTP id 41F3E1DD567; Tue, 11 Jan 2005 01:29:24 +0100 (CET) Received: from idefix.ijs.si (idefix.ijs.si [193.2.4.33]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (No client certificate requested) by metatron.ijs.si (Postfix) with ESMTP id 010291C0008A; Tue, 11 Jan 2005 01:29:21 +0100 (CET) From: Dejan Lesjak To: freebsd-x11@freebsd.org Date: Tue, 11 Jan 2005 01:29:20 +0100 User-Agent: KMail/1.7.2 References: <1105321614.8452.54.camel@leguin> <20050110195340.GC15907@odin.ac.hmc.edu> In-Reply-To: <20050110195340.GC15907@odin.ac.hmc.edu> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200501110129.21281.dejan.lesjak@ijs.si> X-Virus-Scanned: amavisd-new at ijs.si cc: ports@freebsd.org cc: x11@freebsd.org Subject: Re: x11 /tmp preparation rc.d script X-BeenThere: freebsd-x11@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: X11 on FreeBSD -- maintaining and support List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Jan 2005 00:30:10 -0000 On Monday 10 of January 2005 20:53, Brooks Davis wrote: > On Sun, Jan 09, 2005 at 05:46:54PM -0800, Eric Anholt wrote: > > Attached are my proposed patches to deal with the X11 ICE issue. To > > review, it's required because having .ICE not owned by root is a > > security issue, one that's been papered over with a printed warning and > > sleep(5) in libICE for years, and has recently been changed into an > > actual error by the X.Org folks. > > > > The question is whether to stick it in base or in ports: > > > > In favor of ports: > > - Seems like the proper place. Nothing happens for non-X11 users. > > In favor of base: > > - Would either need to make a separate port just for the script, or > > keep the script in at least 3 separate ports, disregarding the > > cleanup of servers which might make for more ports affected. > > - From ports, it might get started too late in the boot process, or > > not at all in some installations. > > It turns out that doing it in localpkg isn't a problem so we might want > to go ahead and do it that way. > > One thing I've been wondering about is, why isn't startx/xdm doing > this creation? They have the required privs and are garenteed not to > get in a race (since it would be with them selves). > > -- Brooks Because clients need ICE, not the server - if you run an X app on a remote box that doesn't have X server running and connects to X server on local box, the ICE directory that is used is on remote machine - where the client is. So startx/xdm creating it wouldn't help. Dejan