Re: Porposing libgnomesu for 2.10

Jeff Waugh wrote:
<quote who="Hongli Lai">

Some additional information before anybody asks. ;)
- libgnomesu is not an authentication system - it's an abstraction around whatever system is available on the current machine.
- libgnomesu will use PAM if available.

Does libgnomesu also offer a sudo mode?

It used to, but I disabled it because I think it's impossible to use sudo efficiently. The reason why people use sudo because:
1. People don't have to know the root password.
2. You can control what people run, using the sudoers file.

When using sudo, there is only one reliable way to find out whether the password the user entered is correct: by making sudo run a "proxy" program, that tells libgnomesu that it succeeded, and then runs whatever command is passed by libgnomesu. However, this effectively makes feature #2 useless, as everything is done through the proxy program. It's practically the same as renaming your root password to the password of the current user.

Reading sudo's output isn't an option. sudo doesn't output anything if it succeeded, and if the child process doesn't output anything either, libgnomesu will freeze until the child process ended. And if sudo succeeded, but the child process happens to output the text "Password incorrect", libgnomesu will think it failed while it succeeded.

The only way to get around this is by modifying sudo, and add a feature which allows the parent process to be notified of its status.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]