From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 20868 invoked by alias); 2 Jan 2004 20:13:32 -0000 Mailing-List: contact cygwin-xfree-help@cygwin.com; run by ezmlm Precedence: bulk List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-xfree-owner@cygwin.com Mail-Followup-To: cygwin-xfree@cygwin.com Reply-To: cygwin-xfree@cygwin.com Received: (qmail 20861 invoked from network); 2 Jan 2004 20:13:31 -0000 Received: from unknown (HELO meg.hrz.tu-chemnitz.de) (134.109.132.57) by sources.redhat.com with SMTP; 2 Jan 2004 20:13:31 -0000 Received: from hermes.hrz.tu-chemnitz.de ([134.109.132.175]) by meg.hrz.tu-chemnitz.de with esmtp (Exim 4.22) id 1AcVfm-0000LP-GZ; Fri, 02 Jan 2004 21:13:30 +0100 Received: from odoaker.hrz.tu-chemnitz.de ([134.109.132.94] helo=stargate.ago.vpn ident=[dnarikgZTtWnPKSRaRjGDYAAgpDfe7pe]) by hermes.hrz.tu-chemnitz.de with esmtp (Exim 4.20) id 1AcVfl-0006JX-9E; Fri, 02 Jan 2004 21:13:30 +0100 Received: from lupus.ago.vpn (lupus.ago.vpn [192.168.26.203]) by stargate.ago.vpn (Postfix on SuSE Linux 7.0 (i386)) with ESMTP id 1B38E18FA6; Fri, 2 Jan 2004 21:13:28 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by lupus.ago.vpn (Postfix) with ESMTP id A1D478FE7; Fri, 2 Jan 2004 21:13:26 +0100 (MET) Date: Fri, 02 Jan 2004 20:13:00 -0000 From: Alexander Gottwald To: cygwin-xfree@cygwin.com, chris.green@isbd.co.uk Subject: Re: Possible to use clipboard with remote/xdm connection? In-Reply-To: <20040102180025.GA5079@areti.co.uk> Message-ID: References: <20031231221603.GA320@areti.co.uk> <3FF34EE3.9070300@msu.edu> <20040101153702.GB1971@areti.co.uk> <20040102140446.GA4425@areti.co.uk> <20040102144403.GA4596@areti.co.uk> <20040102180025.GA5079@areti.co.uk> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Spam-Score: 0.0 (/) X-Spam-Report: --- Start der SpamAssassin 2.61 Textanalyse (0.0 Punkte) Fragen an/questions to: Postmaster TU Chemnitz --- Ende der SpamAssassin Textanalyse X-Scan-Signature: dc47c4aa4c6dae11ba1f2455f93241ec X-SW-Source: 2004-01/txt/msg00029.txt.bz2 List-Id: Chris Green wrote: > > Same with the gates of a castle. To get in, you must open it from inside. > > This is the main principle of security. You can not allow those who have > > no access to change the permissions. > > > ... but I am "within the castle", I'm sitting running a script on the > win2k system The win2k system and xwin are two different systems. The first may be used by more than one person and the second must only be used by you. Just imagine someone wants to steal a password from you and starts a client which registers all keystrokes entered in a xterm. This program can be started from a linux box or from the win2k system itself. The X11 security model tries to prevent this by not allowing any connection that is not started by you. for further reading I advice man Xsecurity. There are all security models described in detail. > and I can't see how to run xwinclip there because it > won't give me permission to display on the terminal that I'm already > using. If you've lost your key you'll be able to leave your house but are not able to enter it again. These are two different situations and the design is good but you have a problem if you've lost your key. > It's of little use to be able to allow xwinclip to run on the win2k > system by executing something on the Linux system. One wants a means > to do it from the X startup script. Yes, it still has problems. Maybe a solution which is more closely bound to the xserver is a better design. eg: XChangeSelection (or ProcSetSelectionOwner) -> check for recursion -> convert X11 Selection to windows clipboard winWndProc(WM_DRAWCLIPBOARD) -> check for recursion -> convert Windows clipboard to X11 selection I'm not familar with the Xserver internals on selection managment. Harold or Kensuke, can you please comment this? That design would remove the need for an external app (or another thread) which acts as client and is therefore bound to the security problems. bye ago NP: Project Pitchfork - Go further -- Alexander.Gottwald@informatik.tu-chemnitz.de http://www.gotti.org ICQ: 126018723