Re: [gdm-list] Security?



Hi,

> > Right, we might want to just ditch cookies entirely in the local case
> > (Given a new enough X server to support peer creds)
>
> Not all installations of gdm will be like this ... right?
Not sure.  We'd need to see which servers support it and decide if we
want to support servers that are older/different.  We have to support
cookies for the non-local case anyway, though, so it's not like it
would be much extra work to provide a fallback...

> > Reading from /dev/urandom sounds fine.  It would be nice if there was
> > a g_random_reset_seed () function or some such that would make it
> > fetch a new seed for us.
>
> Why?  I just don't understand your need to involve GRand.  GRand is
> deterministic.  You gain NO SECURITY by using GRand.  You gain nothing!  Why
> use it?
If GRand had a reset_seed function, it wouldn't be deterministic for a
while after every call to reset_seed.

If it isn't clear (it seems like it's not from your responses) I'm not
tied to the g_rand_* APIs at all, though.  I'm in the process of
rewriting the code to use /dev/urandom.

--Ray
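
The /dev/urandom approach discussed in this message, shown as an added example that is not part of the original post and is not gdm's code. It fills a cookie straight from the kernel and fails closed on a short read, rather than seeding a deterministic generator. The 16-byte cookie length and the names fill_random and cookie_to_hex are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

#define COOKIE_LEN 16 /* assumed cookie size: 128 bits */

/* Fill buf with len bytes from /dev/urandom; 0 on success, -1 on failure. */
int fill_random(unsigned char *buf, size_t len)
{
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0)
        return -1;
    size_t done = 0;
    while (done < len) {
        ssize_t n = read(fd, buf + done, len - done);
        if (n > 0)
            done += (size_t)n;      /* partial reads are legal: keep going */
        else if (n < 0 && errno == EINTR)
            continue;               /* interrupted by a signal: retry */
        else
            break;                  /* EOF or hard error: fail closed */
    }
    close(fd);
    return done == len ? 0 : -1;    /* never hand out a partly filled cookie */
}

/* Hex-encode len bytes into out, which must hold 2*len+1 characters. */
void cookie_to_hex(const unsigned char *cookie, size_t len, char *out)
{
    static const char digits[] = "0123456789abcdef";
    for (size_t i = 0; i < len; i++) {
        out[2 * i]     = digits[cookie[i] >> 4];
        out[2 * i + 1] = digits[cookie[i] & 0x0f];
    }
    out[2 * len] = '\0';
}

int main(void)
{
    unsigned char cookie[COOKIE_LEN];
    char hex[2 * COOKIE_LEN + 1];
    if (fill_random(cookie, sizeof cookie) != 0)
        return 1;                   /* no fallback to a weaker source */
    cookie_to_hex(cookie, sizeof cookie, hex);
    puts(hex);
    return 0;
}
```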

