[LightDM] security of dm-tool lock
Yves-Alexis Perez
corsac at debian.org
Wed Jan 29 02:07:06 PST 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi,
I have a question about the dm-tool and especially the lock part. As I
understand it, it's supposed to be used with a locker (like
light-locker, but also stuff like gnome-screensaver and maybe a
unity-sreensaver if that even exist).
Correct me if I'm wrong, but the behavior is:
- - someone calls dm-tool lock (is there a dbus way here?)
- - lightdm reacts by switching vt and sends the dbus “lock” signal
- - the running locker receive the lock signal and locks the screen
My concern is that calling dm-tool lock when no locker is running
(wether because there's no locker installed, because it has crashed or
not started or whatever) means that the system will be left on an
insecure state (unlocked), but at the lightdm prompt, so an user might
think it's correctly locked.
It's pretty easy to reproduce on my Debian box, you just need to call
dm-tool lock with no light-locker running.
One solution would be to make sure noone ever calls dm-tool lock, but
then I'm a bit puzzled at what's the exact usefullness of this tool. I
hoped to add it to xflock4 (the Xfce lock wrapper), but it looks like a
pretty bad idea right now (because of the above concern).
In the end, there's a need for a way to the caller (of dm-tool) to be
sure that it doesn't leave the system in an insecure state. And it has
to work in a heterogen system, too.
I'm not sure how much feedback lightdm gets from the various calls, but
maybe dm-tool could return an error if the locking failed, and switch
back to the original vt?
Does it need to send the lock signal *after* leaving the original vt,
too?
Thanks in advance for any reply on this,
- --
Yves-Alexis Perez
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQEcBAEBCgAGBQJS6NLGAAoJEG3bU/KmdcCloJkIAIei1Lb1eBWFCBHLaZe1BbNW
57ooqBHUmmc7D7vyq20mNewvJtCcBapV4Hh+JzcJ8IaTNsR8d1ydSwu92FJywdos
kkHTik+bKXb5N8qPkXYq9D0ySC768PmDZcAmKYJ8t6XFdUumE/aGu2GShWQKBQyf
q+ZOOAWmSdrxdNziC4Avf5y4oEPIBRlGQLi4mkgRFOQLvYYtHlFboaMNzMPPIcS7
cbjicq9rHAZ2o2ydztVZGh5xiSny13D2puY4plLEToz5FTlG+PLWaFysHIT3fxyP
LJzKhVSwS2QDFmZbq8ihKNAry7h1qOLIjzhMIg6Ko6imS+2hXkkS1MpY51nbIto=
=NZBX
-----END PGP SIGNATURE-----
More information about the LightDM
mailing list