Next CK release?
William Jon McCann
mccann at jhu.edu
Thu Apr 5 12:26:01 PDT 2007
Hi,
On 4/5/07, Ludwig Nussel <ludwig.nussel at suse.de> wrote:
> William Jon McCann wrote:
> > The session process or X11 display may exist or be available at the
> > time of the PAM interaction. An example of this today can be found in
> > openssh sessions. A hypothetical one is what if the GDM greeter
> > process on DISPLAY :0 asks the slave process to authenticated a user
> > and create a new session with the intention of starting the session
> > DISPLAY on :20. In this case not only does PAM get the wrong
> > information about both TTY and DISPLAY we can't try to determine
> > anything about the server until it is created.
>
> I'd expect the dm to set PAM_TTY to :20 whereas $DISPLAY would still
> be :0 in this case.
In order for that not to be a really bad/dangerous race condition
you'd need to actually start the xserver on :20 before doing the
authentication. Not sure that is desirable.
Jon
More information about the hal
mailing list