Re: [gdm-list] Re: gdm and the action menu when using a remote login (XDMCP)




Felix:

I think it would be acceptable to add such a feature to GDM if it
were implemented in a secure way and was an optional feature that
was turned off by default. This means that the themes and gdmlogin
would need to be smart enough to only show the system menu for
remote login if the feature is turned on.

After reading your comments I think there are three important points:
1. Off by default (obviously!)
2. No security risk (besides being able to shut down a remote machine
   without authentication)
3. The current behavior has to be preserved for the default
   configuration (no system menu visible for remote logins).

I think we fully agree on these points.

Sounds good.

This relates to the following bugs in bugzilla:
  http://bugzilla.gnome.org/show_bug.cgi?id=71239
  http://bugzilla.gnome.org/show_bug.cgi?id=150849
You'll notice that there is an existing patch with bug 150849.
However there are problems with the patch.

Yes, you are right. If I understand the patch correctly, it has a
"feature" to shut down the local host using the GDM login screen of
the remote host. I DO NOT want to implement this!

I don't think so.  I believe this patch shuts down the remote host
when seeing the login screen via XDMCP.  Test it out.

Something I don't like about this patch is that they added a new
gdm.conf option for RemoteReboot.  Since it is the daemon actually
shutting down the machine, I see no reason why it can't use the
same process for shutting down the machine that is used for local
shutdown - though perhaps I'm missing something.  I suspect this
part of the code is crack.

It would make the feature a lot more secure if the user had to enter
the root password in order to access the system menu. I believe some
distros patch the code so it works this way.

Can you explain this a bit further? You would like to see that a user
sees the GDM screen and has to enter the root password in order to
shut down the remote host? I would like to avoid that, IMHO the "shut
down without password" is good for small offices where you can trust
all employees who are able to connect to that computer.

Maybe in a second version I will consider denying remote shutdown without
a password if there are other users currently logged in via XDMCP.

Sorry I wasn't clear.  I was just trying to bring up some other cool
work that can be done with the System Menu.  I'll try to be more
clear:

1. The ability to run Action menu commands from a remote machine.  It
   would be coolest if this were implemented in a way that the
   sysadmin could specify which ones like
   RemoteActionCommands="Reboot","Shutdown" rather than just making
   it work for one command.  This would obviously be set to NULL
   (or no commands) by default.

2. The ability to add arbitrary commands to the System Menu.  Perhaps
   a gdm.conf setting like SystemMenuCmds="Option1":/cmd,"Option2":/cmd2
   This way if a sysadmin wants to put new stuff in the system menu
   they can.  I believe the menu label text could be localized the same
   way that the Welcome message can be localized.

3. Right now the Action Menu only asks for the password if the user
   selects "Configure the login manager".  It would be cool if instead
   of it being hardcoded this way, if the gdm.conf file could be
   used to configure which ActionMenu options require password.  This
   would especially be useful if #2 above is implemented.

   This way if the system administrator wants to turn on certain
   features he/she can decide which ones require passwords.
   Concerning remote access to the Action Menu, it would be useful
   if there were two config options.  One for controlling which ones
   require password on the console and a second one for controlling
   which ones require password for the remote login.  So you could
   specify something like this:

   ActionRequirePassword="Configure Login Manager"
   RemoteActionRequirePassword="Configure Login Manager","Reboot"

   This just makes the Action Menu more secure and gives the
   sysadmin more control over how it works.

I think if all this work were done, GDM would have a really cool
Action Menu.  It's okay if you are only interested in doing some
of the work, but I wanted to make sure we talked about the bigger
picture and some ideas of further work you could consider doing
since you are going to be messing with this part of the code
anyway.

Brian
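
The decision logic that points 1 and 3 of the message describe, as an added example that is not part of the original message and is not GDM code: a remote (XDMCP) session is offered an action only if the sysadmin listed it, and separate lists decide which actions need a password on the console and remotely. The option names come from the message; the struct, the functions, the sample values and the assumption that console sessions keep every action are constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Option names follow the message's proposal; the struct, functions and
   sample values are constructed for illustration and are not GDM code. */
struct menu_policy {
    const char *remote_action_commands;         /* RemoteActionCommands */
    const char *action_require_password;        /* ActionRequirePassword */
    const char *remote_action_require_password; /* RemoteActionRequirePassword */
};
enum decision { ACTION_HIDDEN, ACTION_ALLOWED, ACTION_NEEDS_PASSWORD };

/* Default: option unset, so no action is offered to remote sessions. */
static const struct menu_policy defaults = { NULL, "\"Configure Login Manager\"", NULL };
/* Constructed opt-in: a small office that allows remote shutdown. */
static const struct menu_policy office = {
    "\"Reboot\",\"Shutdown\"", "\"Configure Login Manager\"",
    "\"Configure Login Manager\",\"Reboot\"" };

/* True only when name exactly equals one "quoted" item of the list. */
static bool list_has(const char *list, const char *name)
{
    size_t want = strlen(name);
    while (list && (list = strchr(list, '"')) != NULL) {
        const char *start = list + 1, *end = strchr(start, '"');
        if (!end)
            return false; /* unterminated item: fail closed */
        if ((size_t)(end - start) == want && memcmp(start, name, want) == 0)
            return true;
        list = end + 1;
    }
    return false;
}

/* Assumption: console sessions keep every action. A remote (XDMCP) session
   gets only listed actions, then the per-origin password list applies. */
enum decision decide(const struct menu_policy *p, const char *action, bool remote)
{
    if (remote && !list_has(p->remote_action_commands, action))
        return ACTION_HIDDEN;
    const char *pw = remote ? p->remote_action_require_password
                            : p->action_require_password;
    return list_has(pw, action) ? ACTION_NEEDS_PASSWORD : ACTION_ALLOWED;
}

int main(void)
{
    printf("default, remote Shutdown: %d\n", decide(&defaults, "Shutdown", true));
    return 0;
}
```

With the unset default the remote greeter shows no action at all, and an action named only in the remote password list but not in the remote command list stays hidden rather than becoming reachable.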


