On Thu, Mar 06, 2008 at 03:35:01PM -0600, Brian Cameron wrote: > So really this PAM issue is a non-issue. We just need to make it > possible to configure gnome-screensaver this way to move forward. > Since the gnome-screensaver author loves D-Bus, I suspect he would > want the IPC communication mechanism to be D-Bus, which seems > reasonable.
IPC for what? > The area where things get more fuzzy is how to address the Xauth > snooping issue. The current lock screen programs do not address > this problem, so perhaps we should just go ahead and migrate to > gnome-screensaver. Maybe it will be more clear how to address this > Xauth problem at some future date. This might be reasonable since > there is the general problem of programs asking for passwords in > GUI's (thunderbird, evolution, GAIM, etc.) and no mechanisms to > protect these from snooping. I know there is talk about fixing > this problem more directly in the Xserver at some point. I think fixing this in the X11 protocol would be more appropriate. E.g., an operation for grabbing the display's I/O devices that only a privileged caller could execute (after xauth is done). This, of course, would mean that the screen lock process that talks to the X11 display would have to have some privilege that normal user processes don't.
