On Tue, Sep 16, 2003 at 01:19:00PM +0200, Thomas Morin wrote: > Quote Sven Luther <[EMAIL PROTECTED]>: > | On Mon, Sep 15, 2003 at 09:46:26PM +0200, Carlos Perell� Mar�n wrote: > | > It's not a bad idea but it has some security issues. What happens if an > | > application executes "touch $HOME/.gdm-reboot"? the user does not want > | > reboot the machine but a virus/trojan could do it without problems > | > | What about gdm passing to gnome-session a magic number or something, and > | gdm would only reboot/halt if this same magic number would be found in > | the .gdm-reboot/halt file ? > | > | As the magic number will only be known to gdm and gnome-session, it > | should be secure, unless your random number generator is compromised, > | but in these case, i suspect you are in deeper trouble anyway. > > But how could this magic number be known _only_ to gnome-session ?
Well, i was thinking that gdm would pass it to gnome-session (or whatever) as an argument to the login script or something such, sure it is not really secure, as i guess it is easy to access it, but it is not too easy, and rules out any kind of mistakes or multi-session problems that may arise. If you really want to do real security, you could imagine an encrypted password chalenge or some other such schemes, but i believe it is not worth it in this case. Friendly, Sven Luther
