Re: shutdown from gnome logout dialog
Quote Sven Luther <firstname.lastname@example.org>:
| On Mon, Sep 15, 2003 at 09:46:26PM +0200, Carlos Perelló Marín wrote:
| > It's not a bad idea but it has some security issues. What happens if an
| > application executes "touch $HOME/.gdm-reboot"? The user does not want to
| > reboot the machine but a virus/trojan could do it without problems
| What about gdm passing to gnome-session a magic number or something, and
| gdm would only reboot/halt if this same magic number would be found in
| the .gdm-reboot/halt file ?
| As the magic number will only be known to gdm and gnome-session, it
| should be secure, unless your random number generator is compromised,
| but in this case, I suspect you are in deeper trouble anyway.

But how could this magic number be known _only_ to gnome-session?

I'm no security expert either, but there are many ways a process of user <a>
can get information about other processes of user <a> (ptrace, /proc/$pid
etc). I would even believe - though I might be wrong - that a user can see
_everything_ about his processes, and that there is no security we can
implement at this level.

So I think using the X MIT Cookie and the gdm socket would surely improve the
system, but more for elegance and reliability than for security.

I would implement this better solution if I had both the time and the
knowledge; but I've none of those, and this wouldn't be Gnome 2.4 anyway.

So, I admit the hack is a bit half-assed, but just consider it a contribution
for those who would like to have the feature now. And with the modification
described in my previous mail, I would consider it quite secure.

PS: you might also like to consider that the simplicity of the hack (launching
/usr/bin/ask.gdm.x) is a nice thing, since it makes it easy to integrate into
eg. Windowmaker or [your preferred session/desktop manager].

PPS: and, well, this is not a very hard point, but still: remember that the
RedHat way is to allow all processes of a user logged on the console to shut
the machine down (ie. you don't even need a logout for this shutdown to happen!).
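
The /proc/$pid point raised in the reply above, as an added example that is not part of the original mail: a process hands a child a random token through its environment and then reads it back from /proc/<pid>/environ, which Linux normally permits to any process running as the same user. The variable name GDM_MAGIC and the environment hand-off are assumptions for illustration; the thread does not say how gdm would pass the number.

```python
import os
import secrets
import subprocess
import sys

TOKEN_VAR = "GDM_MAGIC"  # hypothetical name, not a real gdm/gnome-session interface


def parse_environ(raw: bytes) -> dict:
    """Parse the NUL-separated KEY=VALUE block found in /proc/<pid>/environ."""
    env = {}
    for entry in raw.split(b"\0"):
        key, sep, value = entry.partition(b"=")
        if sep:  # skip empty trailing entries
            env[key.decode(errors="replace")] = value.decode(errors="replace")
    return env


def read_token_of(pid: int):
    """Read TOKEN_VAR from another process's environment, as a same-UID process can."""
    try:
        with open(f"/proc/{pid}/environ", "rb") as fh:
            return parse_environ(fh.read()).get(TOKEN_VAR)
    except OSError:
        return None  # no /proc, different UID, or the process is gone


def demo():
    """Return (token_given, token_recovered), or None when there is no Linux /proc."""
    if not os.path.isdir("/proc/self"):
        return None
    token = secrets.token_hex(16)
    # Stand-in for the session process that was handed the magic number.
    child = subprocess.Popen(
        [sys.executable, "-c", "import time; time.sleep(30)"],
        env=dict(os.environ, **{TOKEN_VAR: token}),
    )
    try:
        return token, read_token_of(child.pid)
    finally:
        child.kill()
        child.wait()


if __name__ == "__main__":
    print(demo())
```

When the two values match, the token offered no separation between the session process and other programs of the same user, however good the random number generator was.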