Heads up for login managers
David Zeuthen
davidz at redhat.com
Mon Feb 12 17:59:29 UTC 2007
On Mon, 2007-02-12 at 12:54 -0500, David Zeuthen wrote:
> If you have ideas on how to fix Linux so we can have a better security
> model where this is not possible I'd be happy to hear about it.
Repeating my idea:
1. Login manager tags the desktop login process with a random cookie
2. Unprivileged processes can neither read nor write the cookie
3. The cookie is inherited by all child processes
4. Privileged processes, like ConsoleKit daemon, can read the cookie
Again, ConsoleKit is designed in a way so it's possible to change this
over from XDG_SESSION_COOKIE. Someone, probably kernel people, just
needs to implement this. Thanks.
David