On Sat, Oct 07, 2023 at 07:51:56AM +0200, Rafael Sadowski wrote: > Hi ports@ > > When I run with PORTS_PRIVSEP activated, I can no longer run X11 tests, > here below is an example. Is there a workaround for this? Is this a > known issue? > > Quite simply reproducible: security/keepassxc && make test >
You can probably work around this by running xhost +si:localuser:_pbuild as you regular account before running the test. This will grant _pbuild access to the X server for local connections in addition to the magic-cookie protocol. For more information see Xsecurity(7). But of course this opens a window for a malicious script in the ports to steal data from your running X applications, like if you didn't use PORTS_PRIVSEP, so use carefully (and do xhost -si:localuser Another option is to use Xephyr(1) or Xnest(1), to run the tests against them. But setting them up is a safe way inside the bsd.ports.mk framework is probably tricky. (and this will not provide much more security since the malicious attacker can still run a proxy in the nested X server to access the main one). -- Matthieu Herrb
