Stopping and starting the session dbusdaemon with PAM.

John (J5) Palmieri johnp at redhat.com
Fri Oct 21 11:51:56 PDT 2005


Speaking to a couple of people around here I got the impression that
this is not the best option.   Nalin's response came down to these
arguments:

* Privilege level
  Is the app running as root or not?  If you're a session module, can
  you make the right thing happen for both cases?
* Signal handling -- are there handlers for signals (such as SIGCHLD)
  installed which will keep you from reaping your child process?
* Threads (less likely for PAM, commonplace for nsswitch)
  Are you creating state that will exist after you return control of
  execution to the application?  Will things work correctly if the
  calling application spawns another thread, or forks a second copy of
  itself?

He also thought that PAM shouldn't be abused for anything not dealing
with authentication.

Steve Grubb, one of our security experts, basically reiterated the first
argument.  If you get executed as root then the session daemon has the
potential to do bad things.

Ray Strode, who worked on a couple of environment variable issues, said
you lose out on propagating certain environment variables if you start
the bus too early.  This means for example activated apps might not work
properly.

On Fri, 2005-10-21 at 13:09 +0200, Stef Bon wrote:
> Hello,
> 
> I've been working on a solution to run scripts when a session begins, and 
> when a session ends. This is possible via the module pam_script.so.
> 
> One of the things I use it for is to start the session part of dbus. The 
> important environment variables are made available via the startup files of 
> bash. I had to adjust my bash installation (.bash_profile) a little.
> 
> When the session ends another script stops this session daemon.
> On my system (LFS/BLFS6.1 www.linuxfromscratch.org ) everything works fine.
> 
> Any comments?
> 
> Stef Bon 
-- 
John (J5) Palmieri <johnp at redhat.com>
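
The privilege and SIGCHLD points from the message above, as an added example that is not part of the original post, pam_script or D-Bus: a hypothetical `run_helper()` that a session module could use to run a start or stop script. It assumes a single-threaded caller and a short-lived helper that is waited for.

```c
/* Added example; run_helper() is a hypothetical name, not pam_script or D-Bus code. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   /* for setgroups() on glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <signal.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run argv[0] as uid/gid; return its exit status, or -1 on failure. */
int run_helper(uid_t uid, gid_t gid, char *const argv[])
{
    struct sigaction dfl, saved;
    int status = 0, rc = -1;
    pid_t pid, w;

    /* The host application may ignore SIGCHLD or reap children in its own
     * handler; either keeps waitpid() from seeing our child. Switch to the
     * default disposition for the duration. This is process-wide, so it is
     * still racy if the application has other threads. */
    memset(&dfl, 0, sizeof dfl);
    dfl.sa_handler = SIG_DFL;
    sigemptyset(&dfl.sa_mask);
    if (sigaction(SIGCHLD, &dfl, &saved) == -1)
        return -1;

    pid = fork();
    if (pid == 0) {
        /* Root caller: drop groups, then gid, then uid, and confirm root
         * cannot be regained. A non-root caller already runs as the user. */
        if (geteuid() == 0 && uid != 0) {
            if (setgroups(0, NULL) == -1 || setgid(gid) == -1 ||
                setuid(uid) == -1 || setuid(0) != -1)
                _exit(126);
        }
        execv(argv[0], argv);
        _exit(127);                    /* exec failed */
    }
    if (pid > 0) {
        do {
            w = waitpid(pid, &status, 0);
        } while (w == -1 && errno == EINTR);
        if (w == pid && WIFEXITED(status))
            rc = WEXITSTATUS(status);
    }
    sigaction(SIGCHLD, &saved, NULL);  /* leave no state behind in the app */
    return rc;
}
```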


