On 2/10/07, Bruce Dubbs <[EMAIL PROTECTED]> wrote: > Dan Nicholson wrote: > > > > I don't think there's a real easy way to do this in xorg-server. You'd > > have to manually define -DUSE_PAM and then link in -lpam and > > -lpam_misc to the appropriate libraries. I think I'm just gonna leave > > it out. If it ever gets more support upstream, I'll add it in. > > The reason that this might be needed is to use PAM for authentication > when a remote system is opening a window on the local server. Most of > the time when I do that, it is over ssh so the security is taken care of > that way. Perhaps it would be a way for an administrator to pop up a > window on all displays, but that type of capability seems to be pretty > exotic to me.
Even on a local server, it's a good idea. You've got an suid binary that is designed to directly play with your hardware. Seems a good idea that you do a bit of authentication there. Without PAM, the CheckUserAuthorization function in Xorg just does nothing. However, the issue here is that it's not easy to turn on and I don't know the exact way to do it. > However, looking at a commercial distro: > $ ldd /usr/X11R6/bin/Xorg > libz.so.1 => /usr/lib64/libz.so.1 (0x0000003198a00000) > libm.so.6 => /lib64/tls/libm.so.6 (0x0000003197c00000) > libpam.so.0 => /lib64/libpam.so.0 (0x0000003198400000) > libdl.so.2 => /lib64/libdl.so.2 (0x0000003197e00000) > libpam_misc.so.0 => /lib64/libpam_misc.so.0 (0x0000003198000000) > libc.so.6 => /lib64/tls/libc.so.6 (0x0000003197900000) > libaudit.so.0 => /lib64/libaudit.so.0 (0x0000003198e00000) > /lib64/ld-linux-x86-64.so.2 (0x0000003197700000) This isn't Fedora, right? I checked their current spec and they don't link to pam. Xorg on the OpenSuSE partition I have isn't linked to it, either. -- Dan -- http://linuxfromscratch.org/mailman/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
