Tuesday Jan 24, 2006

X11 forwarding 101

I got asked this today:


After I su to root how can I forward an X session over ssh?

This actually hits a huge bugbear of mine: people using the xhost command to open up the X server. That is bad, but if those same people also have root access, well, that is just the end. You don't need to open all of X to get this to work. Here is the shell function I use to achieve this:


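function xroot
{
        # Copy the cookie for the current display into a file root can read,
        # then print the variables to paste into the root shell.
        xauth extract "${1:-${TMPDIR:-/tmp}/.Xauthority}" ":${DISPLAY#*:}" && \
        echo export DISPLAY=":${DISPLAY#*:}" && \
        echo export XAUTHORITY="${1:-${TMPDIR:-/tmp}/.Xauthority}"
}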

This assumes you are using MIT-MAGIC-COOKIE-1 authentication. I dabbled with the SUN-RPC authentication, but that requires a fully integrated name space. All the shell function does is use the xauth command to copy the record for the current display from my .Xauthority file into /tmp and then echo the DISPLAY and XAUTHORITY variables so that they can easily be cut and pasted. It does this because my .Xauthority file is typically on an NFS-mounted home directory that root cannot access.


So here it is in action:

Sun Microsystems Inc.   SunOS 5.11      snv_30  October 2007
: estale.eu FSS 1 $; xroot
export DISPLAY=:30.0
export XAUTHORITY=/tmp/cg13442/636397/.Xauthority
: estale.eu FSS 2 $; su - kroot
Password:
Sun Microsystems Inc.   SunOS 5.11      snv_30  October 2007
estale <kroot> # export DISPLAY=:30.0
estale <kroot> # export XAUTHORITY=/tmp/cg13442/636397/.Xauthority
estale <kroot> # set -o vi
estale <kroot> # xterm -e sleep 10
estale <kroot> #


There is more that the shell function could do to verify that the file it chooses for the .Xauthority is safe, but I don't need that as I have TMPDIR set to be a directory that no one else has access to.
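One way to add that verification, as an added example that is not part of the original post: the function refuses to write the cookie unless the target directory is owned by the caller with no group or other access, and the target itself is not a symlink. The names private_dir and xroot_checked are hypothetical, and the check assumes the POSIX `ls -ldn` output layout.

```shell
# Added example, not the author's code. Succeeds only if $1 is a real
# directory (not a symlink) owned by the caller with no group/other bits.
private_dir() {
    [ -d "$1" ] && [ ! -L "$1" ] || return 1
    # ls -ldn prints e.g. "drwx------ 2 1000 1000 ..." (numeric owner).
    ls -ldn "$1" | (
        read -r perms _links uid _rest
        [ "$uid" = "$(id -u)" ] || exit 1
        case $perms in
            # A trailing "." is tolerated; "+" (extra ACL entries) is
            # rejected because an ACL could grant access to other users.
            d???------|d???------.) exit 0 ;;
            *) exit 1 ;;
        esac
    )
}

# Same behaviour as xroot, but checks the cookie file's location first.
# With TMPDIR unset the default directory is /tmp, which fails the check.
xroot_checked() {
    target=${1:-${TMPDIR:-/tmp}/.Xauthority}
    disp=":${DISPLAY#*:}"
    private_dir "$(dirname "$target")" || {
        echo "xroot: $(dirname "$target") is not private to you" >&2
        return 1
    }
    [ ! -L "$target" ] || {
        echo "xroot: $target is a symlink" >&2
        return 1
    }
    xauth extract "$target" "$disp" || return 1
    echo "export DISPLAY=$disp"
    echo "export XAUTHORITY=$target"
}
```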


About

This is the old blog of Chris Gerhard. It has mostly moved to http://chrisgerhard.wordpress.com
