ConsoleKit, PolicyKit, HAL, XDG_SESSION_COOKIE
David Zeuthen
zeuthen at gmail.com
Fri Jul 23 08:05:37 PDT 2010
Hi,
On Thu, Jul 22, 2010 at 10:30 PM, Lennart Poettering <mzqohf at 0pointer.de> wrote:
> On Thu, 22.07.10 21:39, Stef Bon (stef at bononline.nl) wrote:
>
>> >I think the XDG_SESSION_COOKIE should go away and be replaced by the
>> >audit session id as maintained by the kernel, which however has slightly
>> >different semantics.
>>
>> Why do you think that?
>
> Because it is sufficient to maintain one session cookie/id. There's no
> need to maintain a number of them.
Remember that in this case $XDG_SESSION_COOKIE was here first. And
it's also portable to e.g. Solaris, something that mattered more than
you probably thought it would (check the history of ConsoleKit and why
we decided to build such a thing).
Also, IIRC, the audit session id was not world-readable initially -
actually, Jon (the ConsoleKit developer) asked Steve Grubb for it to
be world-readable because we wanted to use it instead of
$XDG_SESSION_COOKIE. In fact, Jon and I always regarded
$XDG_SESSION_COOKIE as a hack - something we could use until the the
Linux task structure could give us what we needed.
> Also, it's not trustable
> information. Everybody can just creat his own random session if he feels
> like it. Since this id is supposed to be used for policy this is a bit
> strange.
Of course XDG_SESSION_COOKIE is a secure mechanism (what I guess you
mean with the word "trustable"). Well, of course, anyone can set
$XDG_SESSION_COOKIE to whatever they want - but that doesn't matter
because users of this environment variable should always be checked
against the ConsoleKit database.
I'm not at all opposed to moving to the audit session id. But please
look at things in context before making clever statements (and never
forget that the failure more of "clever" usually is "jerk") and please
check your facts before making grandiose statements.
David
More information about the dbus
mailing list