On Wed, 2007-12-19 at 14:05 -0600, Brian Cameron wrote:
> So, from this perspective, the idea of merging GDM and gnome-screensaver
> into one program makes more and more sense. One nice thing about GDM is
> that it is already keeping track of displays, has Xauth knowledge to be
> able to run a GUI program as the "gdm" user on any display running as
> another user, and already has a mechanism for passing username/password
> information from a GUI running as a system user to a root-running daemon
> that talks to PAM. Also, why have two daemons when one will do fine?
> The more I think about it, the more this direction seems to make
> sense from a "make sure it's as difficult as possible to disclose
> sensitive information from the lock screen" perspective.

One of the issues that we had discussed with this idea is that X itself effectively has loadable modules, user configuration and is simply a huge codebase to secure. This is one of the reasons that we restart X on logout on Linux (I'm not sure what Solaris does). That way GDM is always getting a clean X instance that hasn't been modified or configured by the user. This wouldn't be the case if GDM was being run on the user's X server.

Also, from a usability perspective, any dialog that appears in a user's session we'd want to have the user's theming. So this would include things like GTK+ theme engines. I'm not sure how this could be worked around.

--Ted