alanc @ sun.com

Alan Coopersmith’s blog

Random thoughts of a disorganized mind...
(and though it should be obvious, while Sun pays me to think about things, they disclaim any responsibility for these thoughts, nor do I claim what I say matches in any way what Sun thinks)

« Previous day (Feb 4, 2006) | Main | Next day (Feb 6, 2006) »

http://blogs.sun.com/alanc/date/20060205

Sunday February 05, 2006

X11 Forwarding 102

Chris Gerhard wrote a post last week he called “X11 Forwarding 101” on using xauth to grant permissions to your X display when you su to root. I was all ready to write a response about how the complex steps he'd shown could be replaced by a simple, yet secure, command in Solaris 10 ^[1]:

xhost +si:localuser:root

but before I could, I got a mail from Casper asking why that feature wasn't working the same in Xsun as in Xorg. A few more e-mails exchanged and he had narrowed it down to it working with Xorg with all connection types, and Xsun with local TCP connections (“localhost:0”), but not with Xsun using Unix domain sockets (“unix:0”) or named pipes (“:0”)^[2].

It turns out there was a bug in local connection type handling that I'd fixed when porting the localuser code from Xsun to Xorg for Xorg 6.8.0, but forgot to backport to Xsun. It was processing the list of hosts first, then exiting before checking the ServerInterpreted types so never saw the localuser type as allowable. I've filed this in Sun's bug database as 6380709 and am putting a fix into Nevada build 34.

Until that fix is out, I guess you'll have to stick with Chris' instructions for Xsun, unless you want to use the slower TCP transport for local connections, but if you are using Xorg on Solaris 10 or Nevada, you can try “xhost +si:localuser:username” when you want to grant another user on the same machine (in the same zone if on a multi-zone machine in Solaris 10) access to your display.

[1] Actually any OS with both Xorg 6.8.0 or later and support for a secure method of determining the identity of the user on the other end of a local connection, such as Solaris 10's getpeerucred or a similar interface such as getpeereid or SO_PEERCRED.

[2] At the level authentication is done, the shared memory transport in Solaris is treated as a named pipe connection, since that it how the connection is established.

[Technorati Tags: Xorg, X11, Solaris, OpenSolaris]

Posted at 11:01AM Feb 05, 2006 by Alan Coopersmith in X11 | Comments[1]

ALS on ER this week

This week's episode of ER, featuring James Woods as a patient with ALS, particularly caught my attention for two reasons:

1) The flashbacks illustrating how his condition worsened over the years provided a better illustration of ALS (better known in the US as “Lou Gehrig's Disease”) than I could remember seeing before. My grandmother died of ALS when I was only 2, so I don't remember much about it - my knowledge of ALS growing up was mainly knowing it was why my grandfather was always one of my biggest sponsors in the MS Society read-a-thon in grade school.

2) It's the first time I'd actually seen an on-screen keyboard similar to the GOK on-screen keyboard for GNOME used with an eye tracker as it was designed for. I've seen Peter give demos using a mouse and most of our testing when we worked on the parts of X that had to interact with it was done in the same way. (I was amazed at how fast he seemed to be able to enter long complex phrases with only his eyes considering how clumsy and slow we are using it with full use of a mouse, but that is probably a mix of portraying familiarity with the technology and dramatic license to keep the flow of the dialogue moving.)

[Technorati Tags: ALS, ER, accessibility.]

Posted at 12:57AM Feb 05, 2006 by Alan Coopersmith in General |

Sun	Mon	Tue	Wed	Thu	Fri	Sat
« February 2006 »
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28

Today