[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: shutdown from gnome logout dialog

Quote Sven Luther <sven.luther@wanadoo.fr>:
 | On Mon, Sep 15, 2003 at 09:46:26PM +0200, Carlos Perelló Marín wrote:
 | > It's not a bad idea but it has some security issues. What happens if an
 | > application executes "touch $HOME/.gdm-reboot"? the user does not want
 | > reboot the machine but a virus/trojan could do it without problems
 | What about gdm passing to gnome-session a magic number or something, and
 | gdm would only reboot/halt if this same magic number would be found in
 | the .gdm-reboot/halt file ?
 | As the magic number will only be known to gdm and gnome-session, it
 | should be secure, unless your random number generator is compromised,
 | but in these case, i suspect you are in deeper trouble anyway.

But how could this magic number be known _only_ to gnome-session ?
I'm no security expert either, but there are many ways a process of user <a>
can get information about other processes of user <a> (ptrace, /proc/$pid
etc). I would even believe - though I might be wrong - that a user can see
_everything_ about his processes, and that there is no security we can
implement at this level.

So I think using the X MIT Cookie and the gdm socket would surely improve the
system, but more for elegance and reliability than for security.
I would implement this better solution if I had both the time and the
knowledge; but I've none of those, and this wouldn't be Gnome 2.4 anyway.

So, I admit the hack is a bit half-assed, but just consider it a contribution
for those who would like to have the feature now.  And with the modification
describe in my previous mail, I would consider it quite secure.



PS: you might also like to consider that the simplicity of the hack (lauching
/usr/bin/ask.gdm.x) is a nice thing, since it makes it easy to integrate into
eg. Windowmaker or [your prefered session/desktop manager].

PPS: and, well, this is not a very hard point, but still : remember that the
RedHat way is to allow all processes of a user logged on the console to shut
the machine down (ie. you don't even need a logout for this shutdown to happen!).

Reply to: