I wanted to get XScreenSaver set up so it handles screen-saving when the 
KDM (K Desktop Manager login screen) is being displayed.  My question is 
about the security implications of my actions.

What I did:

* Created a user 'xss' - and then configured it as a disabled login (I 
think - I put a * in the password field in the /etc/shadow file)

* Added the following to /etc/kde2/kdm/Xsetup:

xhost local:
su xss -c 'xscreensaver-command -exit'
su xss -c 'xscreensaver -no-splash -silent &'

which, as I understand it, allows non-network based connections to X, 
then runs the xscreensaver commands as the user 'xss'

* Added the following to /etc/kde2/kdm/Xstartup:

xhost -local:
killall xscreensaver

Which removes the previously allowed non-network-based connections to X, 
and kills the previously running xscreensaver processes prior to 
starting the user's Xsession.

This configuration works as I intend it to, but I am concerned with the 
security issues involved.

Since I am running the xscreensaver command as a non-privileged (and 
login-disabled) user, I think that avoids any major problems from 
running xscreensaver itself.

So, what kind of security problems does adding non-network local 
connections to the access control list pose in this situation? (the KDM 
login screen)

Thanks for any thoughts/opinions

-Troy
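
Added example, not part of the original message: a shell check that classifies the entries of an `xhost` listing, showing the access-control state the display is in between Xsetup (`xhost local:`) and Xstartup (`xhost -local:`). The function names and the sample listings are constructed for illustration; the `SI:localuser:xss` entry assumes a per-account grant that the message's setup does not use.

```shell
#!/bin/sh
# Classify each line of `xhost` listing output read from stdin.
#   OPEN    access control is off entirely
#   BROAD   entry admits a whole class of clients (all local users, a host)
#   SCOPED  entry admits a single local account
#   REVIEW  anything this sketch does not recognise
classify_xhost() {
    while IFS= read -r line; do
        case "$line" in
            "access control disabled"*) echo "OPEN $line" ;;
            "access control enabled"*)  ;;  # normal header line
            LOCAL:*)         echo "BROAD $line (any local user may connect)" ;;
            INET:*|INET6:*)  echo "BROAD $line (network host)" ;;
            SI:localuser:*)  echo "SCOPED $line" ;;
            "")              ;;
            *)               echo "REVIEW $line" ;;
        esac
    done
}

# Number of OPEN/BROAD findings in a listing read from stdin.
# grep -c exits 1 on a zero count, so mask that status.
count_broad() {
    classify_xhost | grep -c -E '^(OPEN|BROAD) ' || true
}

# Constructed sample: listing while the KDM greeter is up, after `xhost local:`.
DURING_LOGIN='access control enabled, only authorized clients can connect
LOCAL:'

# Constructed sample: listing after Xstartup has run `xhost -local:`.
AFTER_XSTARTUP='access control enabled, only authorized clients can connect'

# Constructed sample: a grant limited to the single account xss (assumption).
SCOPED_GRANT='access control enabled, only authorized clients can connect
SI:localuser:xss'

printf '%s\n' "$DURING_LOGIN" | classify_xhost
```

On a live display the same check is `xhost | classify_xhost`, run with DISPLAY pointing at the server in question.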

