Re: [gdm-list] gnome-screensaver authenticates users through GDM
- From: Jeff Cai <Jeff Cai Sun COM>
- To: Alan Coopersmith <Alan Coopersmith Sun COM>
- Cc: gdm-list gnome org, screensaver-list gnome org
- Subject: Re: [gdm-list] gnome-screensaver authenticates users through GDM
- Date: Mon, 18 Jan 2010 15:39:52 +0800
On Sun, 2010-01-17 at 23:16 -0800, Alan Coopersmith wrote:
> Jeff Cai wrote:
> > On Fri, 2010-01-15 at 10:02 -0800, Alan Coopersmith wrote:
> >> Brian Cameron wrote:
> >>> Another advantage is that on the console, this could be written so
> >>> the authentication dialog screen is presented on a separate VT and
> >>> runs as the "gdm" user, providing better TrustedPath security. This,
> >>> for example, ensures that the authentication dialog is not using
> >>> the same Xauth cookie as the user's session, avoiding any possible
> >>> interference or snooping from a userland program.
> >> Running unlock on another X server actually provides even more benefits:
> >
> > Currently, before a user logs in to GNOME, I find the root user's Xorg keeps
> > running. Why is it not a normal user's X server, like 'gdm'?
>
> Xorg starts as root to have the permissions needed to open & initialize devices.
> On Solaris & OpenSolaris, there's a backchannel between gdm & Xorg to provide
> a username to switch to when it should run as someone else - this happens at
> login, but presumably not for the mini-session gdm now runs before login.
> (I suppose it could do so, would just need to update the gdm patch that does
> so - but I haven't verified that Xorg can switch uids between non-root users
> without restarting - that would need to be tested.)
>
Thanks, Alan
I have a doubt: Can two X servers be running for the same set of DISPLAY
at the same time? If yes, how can I know which server my input goes
to?
Jeff