Re: GDM photos



>>>>> "Chris" == Chris Evans <chris@ferret.lmh.ox.ac.uk> writes:

Chris> I must ask a security question; to what extent has the imlib
Chris> image rendering code (and libraries used) been security
Chris> audited?

It hasn't, afaik.

gdmgreeter is extremely pedantic about the files it reads. It ignores
links and devices and refuses to load files owned by or writable by
anyone except the user.

Furthermore the sysadmin can specify a file size cutoff value and
maximum image dimensions.


Chris> Whilst I am on the topic of security, can someone confirm my
Chris> initial impression of the gdmgreeter security model?

Chris> My understanding is this: gdmgreeter is spawned by
Chris> gdm.

Chris> gdmgreeter runs as a non-root user. 

Chris> gdmgreeter is untrusted by gdm (which runs as root).

Chris> gdmgreeter passes the intended user, password and session back
Chris> to the parent process, gdm, which does all the authentication
Chris> itself.

Correct.

gdm2 is a bit more subtle. It provides a conversation function for PAM
enabling it to control the greeter window (gdmlogin) through a
pipe. I.e. gdmlogin has no knowledge of users or passwords at all. It
sets the label according to input and passes the entered information
back to the daemon/PAM. 

-- 
Martin Kasper Petersen			BOFH, IC1&2, Aalborg University, DK
mailto:mkp@SunSITE.auc.dk		http://SunSITE.auc.dk/~mkp/
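
Added example, not part of the original message and not gdm's own code: the file checks described above (no links or devices, owner must be the user, no group/other write bit, size cutoff) written out in C. The function names, error codes, sample path and 4096-byte limit are assumptions made for illustration; the image-dimension limit is not covered.

```c
/* Added example, not gdm source: the file checks described in the message. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical error codes, chosen for this example. */
enum { ERR_OPEN = -1, ERR_NOT_REGULAR = -2, ERR_OWNER = -3,
       ERR_WRITABLE = -4, ERR_TOO_BIG = -5 };

/* Returns a read-only descriptor (>= 0) if path passes every check,
 * otherwise one of the negative ERR_ codes above. */
int open_user_file(const char *path, uid_t uid, off_t max_size)
{
    struct stat st;
    int rc = 0;
    /* O_NOFOLLOW rejects a symlink as the final path component;
     * O_NONBLOCK keeps open() from hanging on a FIFO or device. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0) return ERR_OPEN;
    /* fstat() the descriptor, not the path, so the object checked is
     * the object later read (no check-then-open race). */
    if (fstat(fd, &st) != 0)                   rc = ERR_OPEN;
    else if (!S_ISREG(st.st_mode))             rc = ERR_NOT_REGULAR;
    else if (st.st_uid != uid)                 rc = ERR_OWNER;
    else if (st.st_mode & (S_IWGRP | S_IWOTH)) rc = ERR_WRITABLE;
    else if (st.st_size > max_size)            rc = ERR_TOO_BIG;
    if (rc != 0) close(fd);
    return rc != 0 ? rc : fd;
}

/* Constructed sample input: create a file with an exact mode and size. */
int make_sample(const char *path, mode_t mode, off_t size)
{
    unlink(path);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    int rc = (ftruncate(fd, size) == 0 && fchmod(fd, mode) == 0) ? 0 : -1;
    close(fd);
    return rc;
}

int main(void)
{
    const char *p = "/tmp/gdmchk_sample";   /* constructed sample path */
    if (make_sample(p, 0620, 100) != 0) return 1;
    printf("group-writable file -> %d\n", open_user_file(p, getuid(), 4096));
    unlink(p);
    return 0;
}
```

The caller reads the image through the returned descriptor, so the file that was checked is the file that gets parsed.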


