Re: shutdown from gnome logout dialog
On Sat, Oct 18, 2003 at 02:21:32PM +0200, Jarno Gassenbauer wrote:
> Thanks. Hope it works not only on my current setup.
>
> The interesting part is that George fixed two DoS holes in his gdm
> lately. Now gdm accepts at most 20 commands per connection. At least
> this was the case in the patches he sent to me (only a few hours after
> I notified him about the holes, cool!). I haven't checked if the
> limit of 20 commands made it into the new 2.4.1.7 release, too.
>
> When the gnome logout dialog shows up, it needs 5 commands just to
> authenticate and to query the 4 logout actions. So the user can click
> the radio buttons only 15 times, after that gdm will close the
> connection and the user will be stuck with the last action he chose.
> Serves him right - he shouldn't be so indecisive ;-)
>
> (Well, theoretically he could outsmart the lockup by hitting cancel
> and fireing up the logout dialog again, getting 15 more clicks)
You should not really hang in the connection. I'd just initiate a new
connection and do authentication on every action. It really doesn't take
all that long. So every time the user clicks, open connection, auth,
do the command, close. That way you're not hogging the connection
anyway.
> I agree to Jeff, but I'd maintain the patch until it becomes official.
> Well, at most for 10 years or so...
Don't worry, it doesn't take that long to commit to cvs :)
George
--
George <jirka@5z.com>
Patriotism is your conviction that this country is superior
to all others because you were born in it.
-- George Bernard Shaw
Reply to: