Re: New module proposal: LightDM




Jon:

On 05/14/11 03:37 PM, William Jon McCann wrote:
 It
is certainly a serious overreaction to my statement that a proposal
that is based on an internal architecture change, that uses lines of
code as a metric, and didn't include a single thing that would improve
the user experience seems to me like architecture astronauting.

Early in this discussion, Miguel de Icaza recommended that an audit
be done to compare lightDM and GDM.  While lines-of-code is often not a
particularly useful metric in general, it can become an important
factor when analyzing a security-related module or when doing an audit.

GDM provides some really neat GNOME integration.  However, much of this
integration is available because it uses much of the GNOME
infrastructure (gnome-settings-daemon, metacity, gnome-session, etc.).
This makes the job of reviewing or auditing GDM quite complicated since
it is necessary to review not only the GDM code, but all the
infrastructure code that GDM uses.  With GDM, it is obviously harder to
keep track that changes in the GNOME infrastructure will not negatively
impact the security of the display manager.  It becomes more important
to ensure that developers of infrastructure like g-s-d are aware of how
their code is used in the GDM context, and that they write good, secure
code.

I do not think this is a particularly surprising insight.  As long as
I have worked on GDM, there has always been tension between usability
and keeping security-related code as light as reasonably possible.
Obviously this is somewhat subjective, but GDM is rather far at the
"usability" end of the spectrum.

Having said all this, I do not think this is a real problem.  The
GNOME community mantras are usability and simplicity.  GDM fits with
these mantras quite well for the typical GNOME user and is more than
sufficient for keeping the average GNOME desktop secure.

However, GDM may not be the best display manager choice for particular
users or distros who have more stringent security requirements or who
may require reviewing or auditing of security related programs like GDM.

Brian


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]