Heads up for login managers
Alan Cox
alan at redhat.com
Mon Feb 12 18:36:26 UTC 2007
On Mon, Feb 12, 2007 at 12:59:29PM -0500, David Zeuthen wrote:
> Repeating my idea
>
> 1. Login manager tags the desktop login process with a random cookie
We use a cookie called "uid" and one called "gid".
> 2. Unprivileged processes cannot read nor write the cookie
We let them read it, but not write it.
> 3. The cookie is inherited by all child processes
Yes.
> 4. Privileged processes, like ConsoleKit daemon, can read the cookie
Yes. When a message is sent via unix domain sockets the cookie is made
available to the recipient solely for checking.
Alan
More information about the Fedora-maintainers
mailing list