[gdm-list] Re: gdm and the action menu when using a remote login (XDMCP)

[Felix Schwarz <Felix Schwarz web de>]

Hi Brian,

Brian Cameron wrote:
> I think it would be acceptable to add such a feature to GDM if it
> were implemented in a secure way and was an optional feature that
> was turned off by default. This means that the themes and gdmlogin
> would need to be smart enough to only show the system menu for
> remote login if the feature is turned on.

After reading your comments I think there are three important points:
1. Off by default (obviously!)
2. No security risk (besides being able to shutdown a remote machine
   without authentification)
3. The current behavior has to be preserved for the default
   configuration (no system menu visible for remote logins).

I think we fully agree on this points.
   
> This relates to the following bugs in bugzilla:
>    http://bugzilla.gnome.org/show_bug.cgi?id=71239
>    http://bugzilla.gnome.org/show_bug.cgi?id=150849

> You'll notice that there is an existing patch with bug 150849.
> However there are problems with the patch.

Yes, you are right. If I understand the patch correctly, it has a
"feature" to shut down the local host using the GDM login screen of
the remote host. I DO NOT want to implement this!

> It would make the feature a lot more secure if the user had to enter
> the root password in order to access the system menu. I believe some
> distros patch the code so it works this way.

Can you explain this a bit further? You would like to see that a user
sees the GDM screen and has to enter the root password in order to
shut down the remote host? I would like to avoid that, IMHO the "shut
down without password" is good for small offices where you can trust
all employees who are able to connect to that computer.

Maybe in a second version I consider to deny remote shutdown without
password if there are other users currently logged in via XDMCP.

-- 
Felix