On Fri, Mar 07, 2008 at 12:45:19PM -0600, Brian Cameron wrote:
> Nicholas:
> >I should note that making use of Solaris privileges to help build a
> >trusted path between the screen lock process and the X11 server would
> >mean that the screen lock process must run on the same system as the X11
> >server because getpeerucred(3C) doesn't work remotely [yet].
>
> But the Xserver also runs as the user. The login program does some
> handshaking with the Xserver to make it drop to user perms after
> the user authenticates.

Not quite:

# pcred $(pgrep Xorg)
5542: e/r/suid=142292 egid=0 rgid=10 sgid=0
groups: 10 30303
# ppriv $(pgrep Xorg)
5542: /usr/X11/bin/Xorg :0 -depth 24 -nolisten tcp -nobanner -auth /var/dt/A
flags = <none>
E: basic
I: basic
P: basic
L: all
#

It's running with e/sgid == 0. Which means it cannot be traced by me:

% pcred $(pgrep Xorg)
pcred: cannot examine 5542: permission denied
%

Making sure that the X11 server is not traceable by the user isn't hard.
The components in the trusted path must not be traceable by the user.
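
An added example, not part of the original message: a small audit that parses pcred(1) credential lines and reports which IDs keep a process from being traced by a given unprivileged user. The rule it applies is a simplified assumption (any effective, real or saved uid/gid differing from the caller's blocks tracing; privileges such as proc_owner are not modelled), and the function names, the caller gid of 10 and every sample line except the Xorg one are constructed.

```python
import re

# Constructed pcred(1)-style lines; the first is the Xorg line from the message.
SAMPLE = """\
5542: e/r/suid=142292 egid=0 rgid=10 sgid=0
6001: e/r/suid=142292 e/r/sgid=10
6002: euid=0 ruid=142292 suid=0 e/r/sgid=10
"""

IDS = ("euid", "ruid", "suid", "egid", "rgid", "sgid")

def parse_pcred(line):
    """Parse one pcred credential line into (pid, {id_name: value})."""
    pid, sep, rest = line.partition(":")
    if not sep or not pid.strip().isdigit():
        raise ValueError(f"not a pcred credential line: {line!r}")
    creds = {}
    for key, val in re.findall(r"([ers/]+[ug]id)=(\d+)", rest):
        kind = key[-3:]                       # "uid" or "gid"
        # pcred collapses equal IDs: "e/r/suid=N" means euid, ruid and suid are N.
        for prefix in key[:-3].split("/"):
            creds[prefix + kind] = int(val)
    missing = [k for k in IDS if k not in creds]
    if missing:
        raise ValueError(f"pid {pid}: missing {missing}")
    return int(pid), creds

def blockers(creds, uid, gid):
    """IDs differing from the caller's (assumed, simplified traceability rule)."""
    want = {"uid": uid, "gid": gid}
    return [f"{k}={creds[k]}" for k in IDS if creds[k] != want[k[-3:]]]

def audit(text, uid, gid):
    """Map each pid in the pcred output to the IDs that block tracing by uid/gid."""
    result = {}
    for line in text.splitlines():
        if line.strip():
            pid, creds = parse_pcred(line)
            result[pid] = blockers(creds, uid, gid)
    return result

if __name__ == "__main__":
    # Caller gid 10 is an assumption taken from the rgid shown for Xorg.
    for pid, why in audit(SAMPLE, uid=142292, gid=10).items():
        print(pid, "not traceable: " + ", ".join(why) if why else "TRACEABLE by user")
```

A trusted-path component that comes back with an empty list is one the user could trace under this model.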