Heads up for login managers
Alan Cox
alan at redhat.com
Mon Feb 12 19:36:46 UTC 2007
On Mon, Feb 12, 2007 at 01:41:19PM -0500, David Zeuthen wrote:
> On Mon, 2007-02-12 at 13:36 -0500, Alan Cox wrote:
> > We use a cookie called "uid" and one called "gid".
>
> The problem is that these are not per-session; am not sure why that is
> so difficult to understand.
>
> > > 4. Privileged processes, like ConsoleKit daemon, can read the cookie
> >
> > Yes. When a message is sent via unix domain sockets the cookie is made
> > available to the recipient solely for checking.
>
> No reason to be patronizing and assuming that I'd forget UNIX 101.
That was not the goal. The point was that what you appear to be trying
to do maps directly onto the existing uid/gid security.
Alan
More information about the Fedora-maintainers
mailing list