timtas at cubic.ch
Fri Jun 29 15:53:38 CEST 2007
> What are the security issues with a simple local login manager using
> xfce libraries just to start X in the tty used (like qingy in fact, but
> without framebuffer and directfb) ?
As far as I see it:
A login manager naturally is a setuid root program, it runs under root
and can be called by anybody. That is a security implication by itself...
GTK explicitly discourages using their libraries under root. In order to
work around this, you need two separate processes, an unprivileged one
to receive the input and a another one checking userid/password and
switching user and stuff.
So, you need a secure communication method between the gtk login screen
and the privileged helper program that nobody can intercept, as
credential must be passed.
It's certainly doable, but not too many people regard it as a welcome
waste of time to implement such a thing and take the blame for any
security issues. Cause if the login manager can be broken, you're fucked
> Xfce4-dev mailing list
> Xfce4-dev at xfce.org
More information about the Xfce4-dev