Re: shutdown from gnome logout dialog
On Tue, Sep 16, 2003 at 01:19:00PM +0200, Thomas Morin wrote:
> Quote Sven Luther <firstname.lastname@example.org>:
> | On Mon, Sep 15, 2003 at 09:46:26PM +0200, Carlos Perelló Marín wrote:
> | > It's not a bad idea but it has some security issues. What happens if an
> | > application executes "touch $HOME/.gdm-reboot"? the user does not want
> | > reboot the machine but a virus/trojan could do it without problems
> | What about gdm passing to gnome-session a magic number or something, and
> | gdm would only reboot/halt if this same magic number would be found in
> | the .gdm-reboot/halt file ?
> | As the magic number will only be known to gdm and gnome-session, it
> | should be secure, unless your random number generator is compromised,
> | but in these case, i suspect you are in deeper trouble anyway.
> But how could this magic number be known _only_ to gnome-session ?
Well, i was thinking that gdm would pass it to gnome-session (or
whatever) as an argument to the login script or something such, sure it
is not really secure, as i guess it is easy to access it, but it is not
too easy, and rules out any kind of mistakes or multi-session problems
that may arise. If you really want to do real security, you could
imagine an encrypted password chalenge or some other such schemes, but i
believe it is not worth it in this case.