Re: [gdm-list] Security?

From: David Zeuthen <david fubar dk>
To: Jiri Lebl <jirka 5z com>
Cc: gdm-list gnome org
Subject: Re: [gdm-list] Security?
Date: Fri, 30 Nov 2007 12:55:23 -0500

On Thu, 2007-11-29 at 22:48 -0600, Jiri Lebl wrote:
> Just for kicks, I was semi-bored for a moment, and since gdm is getting a
> rewrite, I looked at the cookie generation in svn, module gdm and found the
> following gem:

I haven't read the code you are referencing (and the context is not
clear from your mail) but maybe the cookie doesn't have to be secure;
after all, things like 

 String InhibitSleep(void);           # returns cookie
 void UninhibitSleep(String cookie);

is a pretty standard pattern in some IPC services like g-p-m and
gnome-screensaver. It's used to be able to make a distinction between
callers in the same process sharing the same IPC connection (think
applications using an in-process plug-in system).

If that's the case I think it's fine as is; maybe a comment that the
cookie isn't cryptographically secure would be in order though.

     David

Follow-Ups:
- Re: [gdm-list] Security?
  - From: Ray Strode

References:
- [gdm-list] Security?
  - From: Jiri Lebl

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]