Re: Security in GNOME

From: Havoc Pennington <hp redhat com>
To: "Michael K. Johnson" <johnsonm redhat com>
cc: gnome-list gnome org
Subject: Re: Security in GNOME
Date: Thu, 12 Aug 1999 11:09:36 -0400 (EDT)

On Thu, 12 Aug 1999, Michael K. Johnson wrote:
> 
> Unfortunately, incorrect.  All the libraries on which it depends and which
> manipulate user-supplied or user-manipulable input must also be audited.
> Since auditing gtk/gdk/glib/theme-engines after every single source code
> change is a huge job that no one has undertaken, making gsu secure is a
> significantly harder task.
>

gsu has a sort of slave process, which is just GNU su that works via pipes
instead of asking for the password on the terminal. So it's not that bad.
It just needs to be checked so we know the pipes stuff hasn't opened any
holes.

> Another idea: I could try to export usermode's capabilities via a
> library and gsu could require this library interface.  Distributions
> without PAM could export the same interface.  As long as you have the
> interface, gsu works.  I'll think about that.
>

Sounds worthwhile.

> The way I see it, consolehelper is more flexible because it will be

But the PAM stuff is clearly a good bit nicer on platforms that have it.
:-)

Havoc

Follow-Ups:
- Re: Security in GNOME
  - From: James Henstridge
- Re: Security in GNOME
  - From: Michael K. Johnson

References:
- Re: Security in GNOME
  - From: Michael K. Johnson

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]