Nicolas: > On Thu, Mar 06, 2008 at 03:35:01PM -0600, Brian Cameron wrote: >> So really this PAM issue is a non-issue. We just need to make it >> possible to configure gnome-screensaver this way to move forward. >> Since the gnome-screensaver author loves D-Bus, I suspect he would >> want the IPC communication mechanism to be D-Bus, which seems >> reasonable. > > IPC for what?
Communication between the lock screen GUI running as the user, and a backend daemon that runs with authorization and talks to PAM. xscreensaver basically works like this, but I believe it uses a sockets pipe for such communication. >> The area where things get more fuzzy is how to address the Xauth >> snooping issue. The current lock screen programs do not address >> this problem, so perhaps we should just go ahead and migrate to >> gnome-screensaver. Maybe it will be more clear how to address this >> Xauth problem at some future date. This might be reasonable since >> there is the general problem of programs asking for passwords in >> GUI's (thunderbird, evolution, GAIM, etc.) and no mechanisms to >> protect these from snooping. I know there is talk about fixing >> this problem more directly in the Xserver at some point. > > I think fixing this in the X11 protocol would be more appropriate. > > E.g., an operation for grabbing the display's I/O devices that only a > privileged caller could execute (after xauth is done). This, of course, > would mean that the screen lock process that talks to the X11 display > would have to have some privilege that normal user processes don't. So does this mean that the security team is okay with this aspect of Trusted Path just not working with lock screen programs until the issue is fixed in X11? In other words, we don't need to address this in porting from xscreensaver to gnome-screensaver (or other screensavers). Brian
