On Sat, May 2, 2009 at 17:57:24 +0200, Loïc Minier wrote: > # Start Xvfb. > MCOOKIE=$(mcookie) > XAUTHORITY=$AUTHFILE xauth add ":$SERVERNUM" "$XAUTHPROTO" "$MCOOKIE" \ > >"$ERRORFILE" 2>&1 > > which is insecure as the MCOOKIE value can be seen for a split second > in the list of processes. > > I think "xauth source -" or a similar construct should be used. > Can I get another pair of eyes before I commit this?
Also I don't quite like the fact that we use /tmp/xvfb-run.$$ as a temp dir instead of using something like 'mktemp -t -d xvfb-run.XXXXXX'. diff --git a/debian/local/xvfb-run b/debian/local/xvfb-run index c85f86a..b11130a 100644 --- a/debian/local/xvfb-run +++ b/debian/local/xvfb-run @@ -157,8 +157,9 @@ fi # Start Xvfb. MCOOKIE=$(mcookie) -XAUTHORITY=$AUTHFILE xauth add ":$SERVERNUM" "$XAUTHPROTO" "$MCOOKIE" \ - >>"$ERRORFILE" 2>&1 +XAUTHORITY=$AUTHFILE xauth source - << EOF >>"$ERRORFILE" 2>&1 +add :$SERVERNUM $XAUTHPROTO $MCOOKIE +EOF XAUTHORITY=$AUTHFILE Xvfb ":$SERVERNUM" $XVFBARGS $LISTENTCP >>"$ERRORFILE" \ 2>&1 & XVFBPID=$! Cheers, Julien -- To UNSUBSCRIBE, email to debian-x-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org