Hi, I realize this project is no longer maintained; I'm filing this mostly out of due diligence and for future readers.
I accidentally noticed that any local user can connect to DISPLAY=:0, even without access to the .Xauthority file, or XAUTHORITY environment variable, or any additional xauth / xhost configuration permitting them. In the end (with help from susi on #archlinux) this was narrowed down to nodm running Xorg without -auth.
I configured nodm according to its suggested configuration, i.e. NODM_X_OPTIONS='vt7 -nolisten tcp'.
startx does configure an auth file and place it on the server's command line using -auth, so this problem does not occur when launching the X server via getty -> startx.
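A defensive check for the condition this report describes, added here as an example and not part of the original issue or of nodm: it scans `/proc` for X server processes whose command line lacks `-auth <file>`. The function names, the matched binary names (`X`, `Xorg`, `Xorg.bin`) and the sample paths are assumptions.

```shell
# Return 0 if the arguments contain "-auth" followed by a file name.
has_auth_option() {
    while [ "$#" -gt 0 ]; do
        if [ "$1" = "-auth" ] && [ -n "${2:-}" ]; then return 0; fi
        shift
    done
    return 1
}

# Return 0 if argv[0] names an X server binary (assumed names).
is_x_server() {
    case "${1##*/}" in
        X|Xorg|Xorg.bin) return 0 ;;
        *) return 1 ;;
    esac
}

# Classify one command line passed as separate arguments.
# Prints "ok", "no-auth" or "not-x".
classify_cmdline() {
    if ! is_x_server "${1:-}"; then
        echo "not-x"
    elif has_auth_option "$@"; then
        echo "ok"
    else
        echo "no-auth"
    fi
}

# Walk /proc and report every X server that was started without -auth.
audit_x_servers() {
    for f in /proc/[0-9]*/cmdline; do
        [ -r "$f" ] || continue
        # cmdline is NUL-separated; convert to one argument per line.
        args=$(tr '\0' '\n' 2>/dev/null < "$f") || continue
        [ -n "$args" ] || continue
        old_ifs=$IFS; IFS='
'
        set -f; set -- $args; set +f; IFS=$old_ifs
        pid=${f#/proc/}; pid=${pid%/cmdline}
        [ "$(classify_cmdline "$@")" = "no-auth" ] && echo "PID $pid: $*"
    done
    return 0
}

# Constructed sample command lines (not captured from a real system).
classify_cmdline /usr/bin/Xorg :0 vt7 -nolisten tcp
classify_cmdline /usr/bin/Xorg :0 vt7 -auth /tmp/serverauth.example
audit_x_servers
```

Reading other users' `/proc/<pid>/cmdline` may be restricted (for example by `hidepid`), so run the audit as root for complete coverage.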