[Xlock-develop] [Fwd: Re: [Xlock-discuss] PAM integration]
Yuri Bushmelev
jay-dev at simcom.ru
Thu Nov 9 05:11:09 EST 2006
On Tue, 07 Nov 2006 14:34:58 +0100
Dan Lukes <dan at obluda.cz> wrote:
> > Ok, I have new auth framework (draft) instead of one in TODO:
> >
> > Xlock will be started setuid root. After start and proper
> > initialization we create two pipes (or socketpair, if available) and
> > fork a child (auth-backend). Parent (main xlock process) will revoke
> > all privileges.
>
> It seems you are planning "another PAM" which act almost as PAM, but
> has own modules - with legacy PAM as one of them.
Yes. It looks like "another PAM". But while we support some platforms that
does not have PAM, we must support some internal methods..
> The "minimal privilege concept" is good, but I'm not sure we need the
> separate process and IPC protocol between them really. It seems to be
> over-complicated to me. The careful use of seteuid() can satisfy my
> paranoia.
>
> Well, complete separation is more secure, so if you can spend the time
> for it, let's go.
I'm not sure now.. When we properly sanitise command line parameters
and user input (passwords for internal methods), complete separation is
really over-complicated.
> > AUTH\r\n<username>|<uid>
>
> UID is not unique identification of user so it can't be used there.
Accepted :)
> > I have question too.. Such system is not too compex for xlock?
>
> IMHO, yes, it is.
>
> But the decision is up to David, as he is project leader and up to you
> as your time will be spent.
Ok, let's wait for David's anwer.
> P.S. I sure I will understand even you wrote text it in russian, but I'm
> worry about David ;-)
My native language is Russian. In scool and hi-scool I have learn
German. Now I write English. What is next? ;)
--
Yuri Bushmelev
More information about the Xlock-develop
mailing list