
Re: Session Management Proposal



On Sat, Jan 03, 2004 at 01:12:42PM -0800, George wrote:
> On Sat, Jan 03, 2004 at 06:58:33PM +0100, Oswald Buddenhagen wrote:
> > > 1) get rid of the authentication bullshit, start one main socket
> > > say: /tmp/.dm-sockets/main for the unauthenticated stuff and then
> > > per-display sockets like /tmp/.dm-sockets/:0 for the stuff that
> > > requires authentication (console authentication currently).  That
> > > way this can be done with unix permissions rather than the cookie
> > > juggling.
> > >
> > as much as i'd like to agree with this ... i read in some man page,
> > that some systems simply ignore file permissions on socket nodes.
> > depending on which systems are affected, we or those systems are
> > screwed ...
> 
> Maybe that's why I did it this way originally, I can't remember :) OK,
> must do authentication using cookies then.  Oh well.
>
hmm, i researched the topic a bit, and i think we're lucky. there are
several solutions:
- put every socket in an own directory. the dir's permissions _are_
  honored.
  not sure whether this ugly hack should be done on all systems (for
  symmetry) or only on those that need it.
  the file system structure i have in mind is:
  /var/run/dmctl/{global,<disp1>,<disp2>,...}[/socket]
- some BSDs have LOCAL_CRED to identify the peer
- some systems (BSD-lookalike) can send SCM_CREDENTIALS via cmsg; those
  credentials are kernel-checked, so can be used to identify the peer as
  well
the two latter solutions have the advantage that they get away with just
one socket. not sure all systems we want to support support it, though.
also, the last one is more complex protocol-wise and both require
hand-crafting the permission checking code (which, on the bright side,
gives us additional flexibility (whatever we might need it for)).

> Could we add to the spec that authors of such systems should be
> ritualistically tortured and pictures posted on slashdot?
> 
i'm much in favor of this regardless of possible workarounds. :)

i'll take care of writing a spec; feel free to ping me vigorously if you
don't see anything in, say, two weeks.

greetings

-- 
Hi! I'm a .signature virus! Copy me into your ~/.signature, please!
--
Chaos, panic, and disorder - my work here is done.
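The first and third options listed in the message above (a socket inside its own 0700 directory, and kernel-checked peer credentials via cmsg), as an added example that is not code from this thread or from any display manager. It assumes Linux: SO_PASSCRED, SCM_CREDENTIALS and struct ucred are the Linux spelling of the credential-passing mechanism, and the BSD LOCAL_CRED route is not shown. A mkdtemp'd directory under /tmp stands in for /var/run/dmctl, and a socketpair stands in for a client connecting to the daemon, so the block runs offline; the function names are mine.

```c
/* Added example, not from the thread: Linux-only sketch of two of the
 * peer-identification options discussed above. Names/paths are assumed. */
#define _GNU_SOURCE
#include <sys/socket.h>
#include <sys/un.h>
#include <sys/stat.h>
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include <unistd.h>
#include <errno.h>

/* Option 1: the socket lives inside its own 0700 directory, because directory
 * permissions are honoured even where socket-node permissions are ignored.
 * Returns 0 on success, -1 on failure. */
int make_private_socket_dir(const char *dir)
{
    struct stat st;
    if (mkdir(dir, 0700) != 0 && errno != EEXIST)
        return -1;
    /* lstat, not stat: refuse a symlink planted at this path */
    if (lstat(dir, &st) != 0)
        return -1;
    if (!S_ISDIR(st.st_mode) || st.st_uid != getuid() || (st.st_mode & 077) != 0)
        return -1;
    return 0;
}

/* Bind a listening AF_UNIX socket at dir/socket. Returns the fd, or -1. */
int bind_socket_in_dir(const char *dir)
{
    struct sockaddr_un sa;
    int fd;
    memset(&sa, 0, sizeof sa);
    sa.sun_family = AF_UNIX;
    if (snprintf(sa.sun_path, sizeof sa.sun_path, "%s/socket", dir) >= (int)sizeof sa.sun_path)
        return -1;
    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    unlink(sa.sun_path);  /* stale node from an earlier run */
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) != 0 || listen(fd, 5) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Option 3: SCM_CREDENTIALS. With SO_PASSCRED set on the receiving socket the
 * kernel attaches the sender's pid/uid/gid to each message; an unprivileged
 * sender cannot forge them. Returns 0 and fills *cred, or -1 if absent. */
int recv_peer_cred(int fd, struct ucred *cred)
{
    char data[16];
    char ctrl[CMSG_SPACE(sizeof(struct ucred))];
    struct iovec iov = { data, sizeof data };
    struct msghdr msg;
    struct cmsghdr *c;
    memset(&msg, 0, sizeof msg);
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = ctrl;
    msg.msg_controllen = sizeof ctrl;
    if (recvmsg(fd, &msg, 0) < 0)
        return -1;
    for (c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c)) {
        if (c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_CREDENTIALS) {
            memcpy(cred, CMSG_DATA(c), sizeof *cred);
            return 0;
        }
    }
    return -1;  /* no credentials: treat the peer as unauthenticated */
}

/* Demo: a socketpair stands in for client and daemon. Returns 1 if the
 * kernel-supplied peer uid equals our own uid (the hand-crafted check). */
int demo_peer_cred(void)
{
    int sv[2], on = 1, ok;
    struct ucred cred;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return 0;
    setsockopt(sv[0], SOL_SOCKET, SO_PASSCRED, &on, sizeof on);
    if (write(sv[1], "hi", 2) != 2)
        return 0;
    ok = recv_peer_cred(sv[0], &cred) == 0 && cred.uid == getuid();
    close(sv[0]);
    close(sv[1]);
    return ok;
}

/* Demo of the directory layout under a temporary root standing in for
 * /var/run/dmctl. Returns 1 on success and cleans up after itself. */
int demo_socket_dir(void)
{
    char root[] = "/tmp/dmctl-demo-XXXXXX", dir[64], sock[80];
    int fd, ok = 0;
    if (!mkdtemp(root))
        return 0;
    snprintf(dir, sizeof dir, "%s/global", root);
    if (make_private_socket_dir(dir) == 0 && (fd = bind_socket_in_dir(dir)) >= 0) {
        ok = 1;
        close(fd);
    }
    snprintf(sock, sizeof sock, "%s/socket", dir);
    unlink(sock);
    rmdir(dir);
    rmdir(root);
    return ok;
}

int main(void)
{
    printf("peer credential check: %s\n", demo_peer_cred() ? "ok" : "failed");
    printf("private socket dir:    %s\n", demo_socket_dir() ? "ok" : "failed");
    return 0;
}
```

In a real daemon the uid comparison would be against the uid that owns the display in question rather than the daemon's own uid, and the directory check should run before every bind, since a pre-existing directory with wider permissions (or a symlink at that path) is exactly the case the per-socket directory is meant to rule out.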

