Tim Tassonis timtas at cubic.ch
Fri Jun 29 15:53:38 CEST 2007


polytan wrote:
> Hi,
> What are the security issues with a simple local login manager using 
> xfce libraries just to start X in the tty used (like qingy in fact, but 
> without framebuffer and directfb) ?

As far as I see it:

A login manager naturally is a setuid root program; it runs under root 
and can be called by anybody. That is a security implication by itself...

GTK explicitly discourages using their libraries under root. In order to 
work around this, you need two separate processes, an unprivileged one 
to receive the input and another one checking userid/password and 
switching user and stuff.

So, you need a secure communication method between the gtk login screen 
and the privileged helper program that nobody can intercept, as 
credentials must be passed.

It's certainly doable, but not too many people regard it as a welcome 
waste of time to implement such a thing and take the blame for any 
security issues. Because if the login manager can be broken, you're fucked 
big time.


> _______________________________________________
> Xfce4-dev mailing list
> Xfce4-dev at xfce.org
> http://foo-projects.org/mailman/listinfo/xfce4-dev
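To make the two-process split Tim describes concrete, here is an added example (it is neither his code nor anything from Xfce or qingy). The privileged parent creates a socketpair before forking, so the channel has no filesystem name and no unrelated process can connect to it; the child drops root (to an assumed `nobody` account, only when actually running as root), collects the credentials and ships them over as length-prefixed frames; the parent verifies them and would then switch user and exec the session. The credential store (a PBKDF2 hash for a constructed user `alice`), the frame format and `startxfce4` as the session command are assumptions of this illustration; a real helper would check against the shadow file or PAM, which is exactly why that side must stay privileged.

```python
import hashlib
import hmac
import os
import pwd
import socket
import struct

# Constructed credential store standing in for /etc/shadow (assumption of
# this example): username -> PBKDF2-SHA256 hash of the password.
_SALT = b"constructed-salt-not-for-real-use"
_ITERATIONS = 100_000
CREDENTIALS = {
    "alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, _ITERATIONS),
}
_DUMMY = hashlib.pbkdf2_hmac("sha256", b"", _SALT, _ITERATIONS)

MAX_FIELD = 256              # longest username/password the helper will read
UNPRIVILEGED_USER = "nobody"  # assumed to exist; only used when we are root


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise EOFError("peer closed the channel")
        buf += chunk
    return buf


def send_frame(sock, data):
    """Length-prefixed frame, so the helper never guesses field boundaries."""
    if len(data) > MAX_FIELD:
        raise ValueError("field too long")
    sock.sendall(struct.pack("!H", len(data)) + data)


def recv_frame(sock):
    (n,) = struct.unpack("!H", _recv_exact(sock, 2))
    if n > MAX_FIELD:
        raise ValueError("field too long")
    return _recv_exact(sock, n)


def check_credentials(user, password):
    """Constant-time compare; unknown users still pay the full PBKDF2 cost."""
    expected = CREDENTIALS.get(user, _DUMMY)
    actual = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, _ITERATIONS)
    return hmac.compare_digest(expected, actual) and user in CREDENTIALS


def drop_privileges(username):
    """Irreversibly become an unprivileged user (no-op unless we are root)."""
    if os.geteuid() != 0:
        return
    pw = pwd.getpwnam(username)
    os.setgroups([])
    os.setgid(pw.pw_gid)
    os.setuid(pw.pw_uid)


def ui_process(sock, user, password):
    """The GTK side: unprivileged, only collects input and sends it over."""
    drop_privileges(UNPRIVILEGED_USER)
    send_frame(sock, user.encode())
    send_frame(sock, password.encode())
    return recv_frame(sock) == b"OK"


def privileged_helper(sock):
    """The root side: one attempt per channel, malformed input is a failure."""
    try:
        user = recv_frame(sock).decode()
        password = recv_frame(sock).decode()
    except (ValueError, EOFError, UnicodeDecodeError):
        return None
    if not check_credentials(user, password):
        send_frame(sock, b"FAIL")
        return None
    send_frame(sock, b"OK")
    return user


def start_session(user, argv):
    """After success, as root: switch to the authenticated user and exec."""
    pw = pwd.getpwnam(user)
    os.initgroups(user, pw.pw_gid)
    os.setgid(pw.pw_gid)
    os.setuid(pw.pw_uid)
    os.chdir(pw.pw_dir)
    os.execvp(argv[0], argv)


def run_login(user, password):
    """Create the private channel, fork the UI child, authenticate in the
    parent. Returns the authenticated username or None."""
    helper_end, ui_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    pid = os.fork()
    if pid == 0:                      # child: the unprivileged login screen
        helper_end.close()
        try:
            ok = ui_process(ui_end, user, password)
        except Exception:
            ok = False
        ui_end.close()
        os._exit(0 if ok else 1)
    ui_end.close()                    # parent: the privileged helper
    result = privileged_helper(helper_end)
    helper_end.close()
    os.waitpid(pid, 0)
    return result


if __name__ == "__main__":
    who = run_login("alice", "correct horse")   # a real UI would prompt instead
    if who and os.geteuid() == 0:
        start_session(who, ["startxfce4"])      # assumed session command
    print("authenticated as", who)
```

The socketpair is the part that answers the "nobody can intercept" requirement: the descriptors exist only in the two related processes, so there is no path for a third party to bind to or read from. Note that SO_PEERCRED on a socketpair reports the credentials of the creating process, not of the child after it has dropped privileges, so it cannot be used to confirm the peer is unprivileged; the helper must instead distrust the input outright (bounded frames, one attempt, failure on anything malformed), which is what it does here.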
