Tracking users/sessions on the console

Jamie McCracken jamiemcc at blueyonder.co.uk
Tue Jan 31 17:06:08 PST 2006


Havoc Pennington wrote:
> On Wed, 2006-02-01 at 00:02 +0000, Jamie McCracken wrote:
>> That's right but it gives us a means to detect if the app is in the
>> user's session. The trick is to not expose the private key outside the
>> session bus and therefore such calls to the system bus would need to go
>> via the session bus, which appends the private key behind the scenes
>> (i.e. it's never visible in the public API). That way at least you can
>> stop someone posting the private key on their blog!
> 
> The private key would be easily obtainable (from our CVS server, from
> kernel memory, from the local filesystem), and people could replace the
> session bus with one which just ignored the private key or used a
> private key of their choice.

I was assuming the system bus would randomly generate a private key when 
the session bus starts up and registers. The system bus would then 
compare an MD5 hash of the private key sent by the session bus whenever 
it needed to determine if an app is in the user's session (so the 
session bus could not ignore the key or use one of their choice).

Of course, if a user could kill the session bus and run a replacement 
session bus that exposed the key, then yeah, you are defeated, but I would 
hope there's a way to validate the file path of the running session bus 
such that a user would need root privileges to change it and treat it as 
suspicious if not. After all, we are not worried if someone can get the 
key when they have root privileges.


-- 
Mr Jamie McCracken
http://www.advogato.org/person/jamiemcc/
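
The scheme described in the message above, sketched as an added example that is not part of the original post or of D-Bus: the system bus issues a random key when a session bus registers, keeps only a hash of it, and checks the key the session bus appends to forwarded calls. The class and method names and the session ids are hypothetical, and SHA-256 with a constant-time comparison stands in for the MD5 hash mentioned in the message.

```python
import hashlib
import hmac
import secrets


class SystemBus:
    """Hypothetical system-bus side: issues one random key per session bus."""

    def __init__(self):
        self._key_hashes = {}  # session id -> SHA-256 digest of the issued key

    def register_session_bus(self, session_id):
        # The key is generated here, so a session bus cannot pick its own.
        key = secrets.token_bytes(32)
        self._key_hashes[session_id] = hashlib.sha256(key).digest()
        return key  # handed to the session bus once, at registration

    def call_is_from_session(self, session_id, presented_key):
        expected = self._key_hashes.get(session_id)
        if expected is None or presented_key is None:
            return False  # unknown session, or a bus that ignored the key
        presented = hashlib.sha256(presented_key).digest()
        return hmac.compare_digest(expected, presented)  # constant-time


class SessionBus:
    """Hypothetical session-bus side: the key never appears in its public API.

    In the design discussed, process isolation (not Python attribute naming)
    is what keeps the key away from applications.
    """

    def __init__(self, system_bus, session_id):
        self._system_bus = system_bus
        self._session_id = session_id
        self._key = system_bus.register_session_bus(session_id)

    def forward_to_system_bus(self):
        # Applications call this without seeing the key; it is appended here.
        return self._system_bus.call_is_from_session(self._session_id, self._key)


def demo():
    system_bus = SystemBus()
    session_bus = SessionBus(system_bus, "session-1000")  # constructed id
    return {
        "via_session_bus": session_bus.forward_to_system_bus(),
        "key_ignored": system_bus.call_is_from_session("session-1000", None),
        "key_of_own_choice": system_bus.call_is_from_session("session-1000", b"chosen"),
        "unregistered_session": system_bus.call_is_from_session("session-9999", b"x"),
    }
```

The check holds only while the registered session bus is the sole holder of the key, which is the dependency on validating the running session bus that the message raises.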

