Re: Integrate VMware and Gnome - continued

[Regis Duchesne <hpreg vmware com>]

Sri,

> > What is the exact startup sequence of a Gnome session? Is there a way
> > (read: a parameter to modify) to make it execute arbitrary code (read: 
> > VMware code)?
> 
> You don't want to do this as it creates a security hole.
>  All it takes
> is someone to put something malign for arbitrary code.  Maybe this is
> paranoid thinking but it seems to me that this kind of structure is
> exactly what a cracker would be targeting in order to corrupt as many
> users as possible.
There is no security hole: all the code is executed by the user who
opens the gnome session.

You need to be root to install the code, so there is no security hole
here either (root is supposed to know what he does, including checking 
package signatures and so on to avoid malicious code)

> Alternatively, maybe it would be better if there was a file one could
> stat to see if there are new programs to be executed.  The file would
> contain the install path and the path to the script to run to install the
> userland portion of vmware while the system part of vmware be installed by
> the sysadm.
Yes. Both ways are good, I think the hook way is more flexible though, 
but I think it is good to have a uniform way to do this in Gnome, so
I'm definitely not against your 'file to stat' solution, and some
people have proposed that Gnome handle this so that the user can
choose how he wants to be warned that new apps have been installed.

So basically, we are thinking about a mechanism here, where the
system part (run by root) of the installer of 3rd-party applications
could "register" the user part of the installer to Gnome, and then
Gnome would handle how that user part is presented to the user, and
how it is executed (by the user). Then the user part of the installer
could install icons and menus for the user.

That sounds good, what do you think?

Best regards,
-- 
Regis "HPReg" Duchesne