Heads up for login managers
David Zeuthen
davidz at redhat.com
Mon Feb 12 20:17:02 UTC 2007
On Mon, 2007-02-12 at 14:46 -0500, Alan Cox wrote:
> On Mon, Feb 12, 2007 at 02:18:41PM -0500, David Zeuthen wrote:
> > The checks against XDG_SESSION_COOKIE are only used to limit access,
>
> They are not limiting access. The "session cookie" is free for anything
> with the same uid to access and use. It's nerf security.

I never claimed it provided security. You will be able to copy
XDG_SESSION_COOKIE from your other processes and that's fine. Just keep
in mind it's easier to just run VNC than copying it around.

However, if we used something other than XDG_SESSION_COOKIE, like tagging
a process with a secret cookie that only privileged processes can
read/write, it would provide real security.

David