On Wed, Aug 24, 2005 at 12:13:19AM +0200, Denis Barbier wrote: > In order to ease migration from xlibs to xkeyboard-config, an option > is to install xkeyboard-config files under another directory, so > that xlibs and xkeyboard-config can be installed simultaneously. > The selection between xlibs and xkeyboard-config data files could > be made when X starts by adding a new XKBPATH environment variable. > > Here is a patch implementing this feature; I am unable for now to > test it due to lack of CPU and disk resources, and will be grateful > if someone could test it. > > If you XSF guys decide eventually to replace xlibs by xkeyboard-config, > this hack can be removed, but until then it would really help to > install xkeyboard-config on Debian systems.
To be honest, I'm somewhat concerned about this patch: the XKB code is, ah, how to put it -- not incredibly robust or auditable. Combined with XKBPATH, allowing anyone to use their own arbitrary files, and the X server being suid root, this is effectively a local root exploit if someone can manage to exploit the gaping holes all through the XKB code (if you don't believe me, ask me in private, and I can point you to the most horrific examples). Already I can think of one possible shell injection attack, as well as a couple of buffer overflows, that this might enable.
signature.asc
Description: Digital signature