
Re: shutdown from gnome logout dialog



Quote Sven Luther <sven.luther@wanadoo.fr>:
 | On Mon, Sep 15, 2003 at 09:46:26PM +0200, Carlos Perelló Marín wrote:
 | > It's not a bad idea but it has some security issues. What happens if an
 | > application executes "touch $HOME/.gdm-reboot"? The user does not want to
 | > reboot the machine, but a virus/trojan could do it without problems.
 | 
 | What about gdm passing to gnome-session a magic number or something, and
 | gdm would only reboot/halt if this same magic number would be found in
 | the .gdm-reboot/halt file ?
 |
 | As the magic number will only be known to gdm and gnome-session, it
 | should be secure, unless your random number generator is compromised,
 | but in that case, I suspect you are in deeper trouble anyway.

But how could this magic number be known _only_ to gnome-session ?
I'm no security expert either, but there are many ways a process of user <a>
can get information about other processes of user <a> (ptrace, /proc/$pid
etc). I would even believe - though I might be wrong - that a user can see
_everything_ about his processes, and that there is no security we can
implement at this level.

So I think using the X MIT Cookie and the gdm socket would surely improve the
system, but more for elegance and reliability than for security.
I would implement this better solution if I had both the time and the
knowledge; but I've none of those, and this wouldn't be Gnome 2.4 anyway.

So, I admit the hack is a bit half-assed, but just consider it a contribution
for those who would like to have the feature now.  And with the modification
described in my previous mail, I would consider it quite secure.

Cheers,

-Thomas

PS: you might also like to consider that the simplicity of the hack (launching
/usr/bin/ask.gdm.x) is a nice thing, since it makes it easy to integrate into
e.g. Windowmaker or [your preferred session/desktop manager].

PPS: and, well, this is not a very hard point, but still: remember that the
RedHat way is to allow all processes of a user logged on the console to shut
the machine down (i.e. you don't even need a logout for this shutdown to happen!).
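The following is an added example that models the "magic number in .gdm-reboot" scheme discussed in this thread; it is not gdm's or gnome-session's code. The file name comes from the thread, while the token format, the temporary home directory and the assumption that the token reaches gnome-session through its environment are constructed for illustration. The verifier side does the checks a display manager could actually perform on such a flag file (regular file, no symlink, owned by the session uid, not group/world writable, constant-time token compare), and the demo shows the limit Thomas points out: another process of the same uid that learns the token passes every one of those checks.

```python
"""Model of a gdm <-> gnome-session 'magic number' reboot flag (constructed example)."""
import hmac
import os
import secrets
import stat
import tempfile

FLAG_NAME = ".gdm-reboot"  # file name from the thread


def issue_token():
    # gdm side: a fresh per-session secret. Assumed to be handed to
    # gnome-session via its environment, which is where the thread's
    # ptrace / /proc argument bites.
    return secrets.token_hex(16)


def request_reboot(home, token):
    # gnome-session side: write the token into the flag file, owner-only mode,
    # refusing to follow a symlink planted at that path.
    path = os.path.join(home, FLAG_NAME)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(token)
    return path


def check_flag(home, expected_token, session_uid):
    """gdm side: decide whether the session asked for a reboot.

    True only if the flag file exists, is a regular (non-symlink) file owned
    by the session's uid, is not group/world writable, and carries the token.
    """
    path = os.path.join(home, FLAG_NAME)
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    except OSError:
        return False  # missing file, or ELOOP because the path is a symlink
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            return False
        if st.st_uid != session_uid:
            return False
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            return False
        data = os.read(fd, 4096).decode("ascii", "replace").strip()
    finally:
        os.close(fd)
    return hmac.compare_digest(data, expected_token)


def run_demo():
    """Exercise the checks in a temporary home directory; returns the outcomes."""
    uid = os.getuid()
    results = {}
    with tempfile.TemporaryDirectory() as home:
        token = issue_token()
        results["no_file"] = check_flag(home, token, uid)
        request_reboot(home, token)
        results["good_token"] = check_flag(home, token, uid)
        results["wrong_token"] = check_flag(home, issue_token(), uid)
        results["wrong_uid"] = check_flag(home, token, uid + 1)
        # Any other process of the same uid that learns the token can write an
        # identical file: the file-level checks cannot tell it from gnome-session.
        request_reboot(home, token)
        results["same_uid_sibling"] = check_flag(home, token, uid)
        # A symlink planted at the flag path is refused (O_NOFOLLOW -> ELOOP).
        os.unlink(os.path.join(home, FLAG_NAME))
        target = os.path.join(home, "elsewhere")
        with open(target, "w") as f:
            f.write(token)
        os.symlink(target, os.path.join(home, FLAG_NAME))
        results["symlink"] = check_flag(home, token, uid)
    return results


if __name__ == "__main__":
    print(run_demo())
```

The file checks are worth doing regardless (they stop the trivial `touch $HOME/.gdm-reboot` and symlink tricks), but the `same_uid_sibling` result is the thread's point: ownership is the only identity a file carries, so a per-session token cannot separate gnome-session from any other process running as the same user.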
