On 14-03-06 01:16 PM, Ryan Lortie wrote: <snip> >> 2. get lightdm to connect to the user-session bus and send back selected >> informations to the greeter. >> >> That seems like the most flexible/powerful solution, giving access to >> the user session might be a concern for security though. > > In a sense, this is the "best approach". > > I think having lightdm come onto the user's session bus as soon as the > user has logged in has a lot of appeal for quite some reasons. If we > are having lightdm handle the locking then this could allow lightdm to > communicate with the session (and its contents) about things like > inhibit, for example. > > This would also be the best approach to allowing us to model dynamic > information (such as the state of MPRIS music players). It would not be > subject to stale data about the playing song, for example, because the > information would not be persistently stored anywhere at all -- only > proxied. It would be lightdm actively monitoring things, rather than a > utility component in the user's session (which all other approaches > would require). > > The drawback here is security of course. Attaching a privileged > component to the user's session bus exposes a lot of surface area to > possible attack. Even with system level D-Bus components running as > root we don't see this level of exposure because they are hidden behind > the D-Bus daemon, which provides an additional level of protection. In > this case, the user controls the D-Bus daemon, so they can inject > whatever junk they want directly into this component. > > If we feel that we can manage the security implications of this (like, > having it not run as root, for example) then I think this is the best > approach. I think it might be difficult to convince ourselves of this, > however.
Yes, there are a lot of security implications in doing this. It's a _lot_ of attack surface just to get a bit of data transferred to the lock screen. <snip> > > A final possibility is that we find a simple way to create a socket that > can be shared between the session and the greeter and write a small > program to shuffle data across it. This shares the problem that we need > a component in the session (as with all of the cases above except the > one where lightdm gets directly on the session bus). We also have to > figure out a way to share the socket, but this doesn't seem like it's a > particularly difficult problem to solve. > I like this idea. Marc. -- Mailing list: https://launchpad.net/~ubuntu-phone Post to : [email protected] Unsubscribe : https://launchpad.net/~ubuntu-phone More help : https://help.launchpad.net/ListHelp
