Re: [gdm-list] Jon - patch for gdm-gobject branch
- From: "William Jon McCann" <mccann jhu edu>
- To: "Brian Cameron" <Brian Cameron sun com>
- Cc: gdm-list gnome org
- Subject: Re: [gdm-list] Jon - patch for gdm-gobject branch
- Date: Thu, 11 Oct 2007 14:23:46 -0400
Hey,
On 10/10/07, Brian Cameron <Brian Cameron sun com> wrote:
> Since you are keeping careful track of who contributed various bits
> of code to GDM, you should probably add Gary Winiger
> (Gary Winiger sun com) to the authors list since he wrote the Sun
> Audit stuff.
We don't have any audit stuff yet.
> > Looking pretty good. A few issues:
> > * Seems like it leaks the result from each g_object_get.
> > * The #if 0 around the utmp stuff should be removed from this patch
> > * The name in the D-Bus introspection xml should be x11_display_name
> > * We should probably rename console in the D-Bus introspection xml to
> > be display_device
>
> I think the attached patch addresses the issues we discussed above via
> private email. I am now freeing the values from g_object_get. I also
> fixed the code so that x11_display_name and display_device are in the
> introspection xml. I also changed the places where we were using
> "console_name" in the source code so it now uses "display_device" to
> be consistent.
>
> Can this go upstream? As discussed, the audit and other logic needs
> the display device information to be passed along to the session open.
> So this fixes things so we pass this information along.
Committed with a change to use char instead of gchar.
> [ regarding supporting SDTLOGIN on Solaris ]
>
> This is a private interface that causes the Xserver to drop to user
> permissions so it doesn't run as root, on Solaris. This is a required
> display manager feature for Sun to be able to ship the display manager.
>
> > Using __sun for this seems just wrong.
>
> Would adding a configure argument like --with-sdtlogin to enable this
> feature be acceptable? This way people on Soalris who want to build
> the code with this useful security feature can do so without having to
> figure out how to patch the code, etc.
>
> If this would be acceptable, let me know and I'll clean up the
> SDTLOGIN patch for you.
>
> > What if someone is building on
> > Solaris and doesn't have an Xorg that supports SDTLOGIN? I'll think
> > some more about this but if SDTLOGIN in Xorg is a Sun specific patch
> > then the SDTLOGIN support for GDM might be best applied as a patch to
> > your GDM packages too.
>
> I did mention that Alan Coopersmith from Sun's Xserver team is planning
> to get this interface upstream into the Xorg code so other platforms can
> also have this security feature. However, I know Alan has a lot of work
> on his plate, and it will not likely be done in the short-term. When he
> does this, it probably will be a slightly different interface since
> the "SDTLOGIN" naming probably doesn't make sense for a generic
> interface since the "SD" stands for Sun Desktop".
>
> If it is not acceptable for this code to live upstream, then Sun could
> apply it as a patch. However, the disadvantage here is that people who
> build the GDM code on their own will probably not know to patch the
> code to use this interface.
Doesn't make sense to me to support this in only one of the upstream
projects. And since it will likely require changes once it is
upstreamed in xorg we'll just wait for that I think.
Jon
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
