Tracking users/sessions on the console
jamiemcc at blueyonder.co.uk
Tue Jan 31 17:06:08 PST 2006
Havoc Pennington wrote:
> On Wed, 2006-02-01 at 00:02 +0000, Jamie McCracken wrote:
>> Thats right but it gives us a means to detect if the app is in the
>> user's session. The trick is to not expose the private key outside
>> session bus and therefore such calls to the system bus would need to
>> via the session bus, which appends the private key behind the scenes
>> its never visible in the public API). That way at least you can stop
>> someone posting the private key on their blog!
> The private key would be easily obtainable (from our CVS server, from
> kernel memory, from the local filesystem), and people could replace the
> session bus with one which just ignored the private key or used a
> private key of their choice.
I was assuming the system bus would randomly generate a private key when
the session bus starts up and registers. The system bus would then
compare an md5hash of the private key sent by the session bus whenever
it needed to determine if its an app is in the users session (so the
session bus could not ignore the key or use one of their choice).
Of course if a user could kill the session bus and run a replacement
session bus that exposed the key then yeah you are defeated but I would
hope theres a way to validate the file path of the running session bus
such that a user would need root privileges to change it and treat it as
suspicious if not. Afterall we are not worried if someone can get the
key when they have root privileges.
Mr Jamie McCracken
More information about the dbus