Re: Questions about PAM, GDM and gnome-screensaver
- From: "Ray Strode" <halfline gmail com>
- To: "Brian Cameron" <Brian Cameron sun com>
- Cc: screensaver-list gnome org, Gary Winiger <gww eng sun com>
- Subject: Re: Questions about PAM, GDM and gnome-screensaver
- Date: Thu, 20 Dec 2007 17:41:52 -0500
Hi,
> >> Also, why have two daemons when one will do fine?
> >> The more I think about it, the more this direction seems to make
> >> sense from a "make sure it's as difficult as possible to disclose
> >> sensitive information from the lock screen" perspective.
> >
> > It doesn't solve the "credentials renewal" problem we talked about
> > before though.
>
> On Solaris, I believe we use pam_setcred to refresh credentials
> (REINITIALIZE/REFRESH). I'm attaching the manpage for reference. I'm
> assuming you do this some other way on Linux?
No, same thing. The point is that a pam module may have to be running
from within the session's environment to properly refresh credentials.
For instance, if the module stores credentials in the per-session
kernel keyring, then it will need to be running from within the
session to access the keyring.
> > I would advise against that. It's broken. If you grab the server
> > then all single-threaded gui network applications are going to time
> > out since they'll be blocking waiting on X and not processing network
> > I/O.
>
> GrabServer isn't for everybody. It probably makes sense for it to
> be a configurable option. Or perhaps there is a better way to prevent
> snooping. But I think the choices are either run the GUI as a different
> user and sacrifice theming or run with GrabServer. Or perhaps Jon's
> idea of running the lockscreen on a different Xserver altogether
> might be an approach. Or am I missing something?
Running on a different X server is an interesting idea (other than the
same refresh credentials problem).
I think grabbing the server should be avoided though; it's just going
to break apps, and the user will think it's the app's fault.
> > It doesn't prevent snooping either. All grabbing the server does is
> > prevent events from getting delivered, it doesn't prevent sniffing the
> > key presses as they come in.
> >
> > A 10 line program that calls XQueryKeymap in a loop can catch key
> > presses even when the server is grabbed.
>
> I don't think this is the case. Note Alan's response.
I could be wrong. I know it definitely can get around a grabbed
keyboard. Alan may be right that if the server is grabbed, then only
the grabbing client's requests get processed. I'm probably wrong.
--Ray