Re: [dev] [surf] [PATCHES] (1) GConf URL schema handlers (2) delete _SURF_GO xprop (3) close stdout sending XID

From: Benjamin R. Haskell <>
Date: Sat, 9 Apr 2011 22:25:47 -0400 (EDT)

On Sat, 9 Apr 2011, Bjartur Thorlacius wrote:

> Adam Strzelecki wrote:
>> It is safer to remove this atom just after it is set in case we send
>> some URL containing passwords or auth tokens
> I'm confused as to the state between setting _SURF_GO and removing it.
> It smells like a race condition to me, but then again I don't
> understand X11 properties. I'd like a clarification as to how security
> is kept in the meantime (between setting and removal of _SURF_GO).

Security isn't kept. This seems like more of a prevention of accidental
disclosure than real security. (And therefore pointless...?)

As an example, with this patch applied, run the following:

# start surf, grabbing its ID
$ surf -x

# in a 'spy' terminal
$ xprop -spy -id 52428803 _SURF_GO

# elsewhere, update _SURF_GO:
$ sprop 52428803 _SURF_GO asdf

The output in the spy terminal is:
_SURF_GO: not found
_SURF_GO(UTF8_STRING) = 0x61, 0x73, 0x64, 0x66 == "asdf"
_SURF_GO: not found

Received on Sun Apr 10 2011 - 04:25:47 CEST

This archive was generated by hypermail 2.2.0 : Sun Apr 10 2011 - 04:36:02 CEST