Re: Questions about PAM, GDM and gnome-screensaver

From: Alan Coopersmith <alan coopersmith sun com>
To: Brian Cameron <Brian Cameron sun com>
Cc: screensaver-list gnome org, Gary Winiger <gww eng sun com>
Subject: Re: Questions about PAM, GDM and gnome-screensaver
Date: Mon, 05 Nov 2007 13:37:42 -0800

Brian Cameron wrote:
> I don't think that it would be acceptable to run the GUI program with
> privilege.  In order to support xscreensaver on Solaris, we needed to
> break it into two processes as described above.

We had to break into two processes also because GTK+ won't allow you
to run it in a setuid process, since no one wants to make sure all of
GTK and all the other libraries it depends on (gdk, pango, etc.) are
fully clean and safe from a security standpoint, and because we need
to support GTK accessibility, which requires the GTK module loader to
load even more modules at runtime.   (In short, see
http://www.gtk.org/setuid.html for why it has to be 2 processes.)

-- 
	-Alan Coopersmith-           alan coopersmith sun com
	 Sun Microsystems, Inc. - X Window System Engineering

References:
- Questions about PAM, GDM and gnome-screensaver
  - From: Brian Cameron
- Re: Questions about PAM, GDM and gnome-screensaver
  - From: Ray Strode
- Re: Questions about PAM, GDM and gnome-screensaver
  - From: Brian Cameron

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]