On 29 Nov 2002 10:34:11 -0500, Dan Espen wrote: > > Dominik Vogt <fvwm-workers@fvwm.org> writes: > > On Fri, Nov 29, 2002 at 03:16:36PM +0000, Mikhael Goikhman wrote: > > > On 09 Nov 2002 16:00:06 -0500, Dan Espen wrote: > > > > > > > > Don't forget FvwmCommand. > > > > > > Yes, it should not be forgotten. > > > > > > I think it should be replaced with a new command line utility fvwm-exec. > > > I would like to find a way to do it without FvwmCommandS similarly to how > > > fvwm-root tells fvwm it changed a root image. I may check whether it is > > > possible to communicate using X dirrectly and, if yes, will do it later. > > > > Scripting by using roundtrips to the X server? I don't think that > > is a good idea. On one hand it is far slower than even the > > current module interface. And on the other hand it creates a lot > > of problems with permissions and opens even more security holes. > > If Mozilla/Netscape is any example, I agree with Dominik, its horribly > slow.
The communication should not be done using X, only a notification of such communication. I think it is better than sending a signal, because this requires knowing a process number. After a notification the comminication may be initialized just like now, using local pipes in /tmp or similar. Then nothing will be changed regarding security. > I hate breaking compatibilty, more than I dislike inconsistency. If > you change the name, please consider providing a link to the old name. Yes, if any of FvwmCommand/FvwmCommandS/FvwmConsole are to be removed, they will be replaced with wrappers in 2.6.x. I don't want to remove them at this point. I want to try to implement fvwm-exec first and then think whether something is redundant. > I agree that FvwmCommand is a security exposure. Users should > only use it when they have their environment under control. Its good > that it needs to be explicitly turned on. Ok, the default may be "off" until we define a better way. A better way may be to have it "on" for the same local user. Regards, Mikhael. -- Visit the official FVWM web page at <URL:http://www.fvwm.org/>. To unsubscribe from the list, send "unsubscribe fvwm-workers" in the body of a message to [EMAIL PROTECTED] To report problems, send mail to [EMAIL PROTECTED]
