Quote Sven Luther <[EMAIL PROTECTED]>:
| On Mon, Sep 15, 2003 at 09:46:26PM +0200, Carlos Perelló Marín wrote:
| > It's not a bad idea but it has some security issues. What happens if an
| > application executes "touch $HOME/.gdm-reboot"? The user does not want to
| > reboot the machine but a virus/trojan could do it without problems
|
| What about gdm passing to gnome-session a magic number or something, and
| gdm would only reboot/halt if this same magic number would be found in
| the .gdm-reboot/halt file?
|
| As the magic number will only be known to gdm and gnome-session, it
| should be secure, unless your random number generator is compromised,
| but in this case, I suspect you are in deeper trouble anyway.

But how could this magic number be known _only_ to gnome-session? I'm no security expert either, but there are many ways a process of user <a> can get information about other processes of user <a> (ptrace, /proc/$pid etc). I would even believe - though I might be wrong - that a user can see _everything_ about his processes, and that there is no security we can implement at this level.

So I think using the X MIT Cookie and the gdm socket would surely improve the system, but more for elegance and reliability than for security. I would implement this better solution if I had both the time and the knowledge; but I've none of those, and this wouldn't be Gnome 2.4 anyway.

So, I admit the hack is a bit half-assed, but just consider it a contribution for those who would like to have the feature now. And with the modification described in my previous mail, I would consider it quite secure.

Cheers,
-Thomas

PS: you might also like to consider that the simplicity of the hack (launching /usr/bin/ask.gdm.x) is a nice thing, since it makes it easy to integrate into e.g. Windowmaker or [your preferred session/desktop manager].

PPS: and, well, this is not a very hard point, but still: remember that the RedHat way is to allow all processes of a user logged on the console to shut the machine down (i.e. you don't even need a logout for this shutdown to happen!).
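
The point argued in this mail, as an added example that is not part of the original message or of gdm: a magic number stops a bare `touch`, but any process running under the same UID can recover it from the session process. Assumptions: Linux with `/proc`, the token handed over in a hypothetical `GDM_MAGIC` environment variable, a temporary directory standing in for `$HOME`, and `gdm_accepts` as a hypothetical gdm-side check.

```python
import hmac, os, secrets, subprocess, sys, tempfile

def gdm_accepts(request_path, expected):
    """Hypothetical gdm-side check: act only if the file holds the magic number."""
    try:
        with open(request_path) as fh:
            return hmac.compare_digest(fh.read().strip(), expected)
    except OSError:
        return False

def read_token_as_same_uid(pid, var="GDM_MAGIC"):
    """What any process of the same user can do: read the session's environment."""
    with open(f"/proc/{pid}/environ", "rb") as fh:
        for entry in fh.read().split(b"\0"):
            name, _, value = entry.partition(b"=")
            if name == var.encode():
                return value.decode()
    return None

def demo():
    token = secrets.token_hex(16)              # magic number generated by "gdm"
    home = tempfile.mkdtemp()                  # constructed stand-in for $HOME
    request = os.path.join(home, ".gdm-reboot")
    # Stand-in for gnome-session, started with the token in its environment.
    session = subprocess.Popen(
        [sys.executable, "-c", "import time; time.sleep(30)"],
        env=dict(os.environ, GDM_MAGIC=token))
    try:
        open(request, "w").close()             # the bare "touch" case: empty file
        bare_touch = gdm_accepts(request, token)
        # An unrelated process of the same user reads the token from /proc.
        leaked = read_token_as_same_uid(session.pid)
        with open(request, "w") as fh:
            fh.write(leaked or "")
        same_uid = gdm_accepts(request, token)
    finally:
        session.kill()
        session.wait()
        os.remove(request)
        os.rmdir(home)
    return {"bare_touch_accepted": bare_touch,
            "same_uid_request_accepted": same_uid}

if __name__ == "__main__":
    print(demo())
```

The check rejects the empty file and accepts the second request, so the token separates accidental or blind writes from deliberate ones but does not separate one process of the user from another.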

