slightly-less-privileged command execution

[joshua stein]

Ratpoison's IPC mechanism for a remote process requesting a command 
to be run in Ratpoison only requires X11 window properties with 
custom Atoms (RP_COMMAND, RP_COMMAND_REQUEST, RP_COMMAND_RESULT) set 
on a window, which Ratpoison then parses and evaluates.

While this operation requires a process to have a connection to the 
X11 display, it's possible that the remote process has shed its 
privileges after connecting and is not able to execute shell 
commands itself or control the window manager.  An unprivileged 
process with an X11 connection can set RP_COMMAND_REQUEST with a 
value of "0exec some-command-here" and Ratpoison will exec the 
command with the privileges of the Ratpoison process.

This may not be a huge security problem due to the requirement of 
having the X11 connection in the first place, but I thought I'd pass 
it along as something worth considering to be changed in Ratpoison.  
I'm not using Ratpoison anymore but in my fork, I've switched to a 
Unix domain socket for this IPC which requires more privileges than 
just setting an X11 window property:

https://github.com/jcs/sdorfehs/commit/a426e8b6adb729fce85a6a7bf058e35fee8abc99.patch