ConsoleKit, PolicyKit, HAL, XDG_SESSION_COOKIE
Lennart Poettering
mzqohf at 0pointer.de
Wed Jul 28 03:00:38 PDT 2010
On Fri, 23.07.10 11:05, David Zeuthen (zeuthen at gmail.com) wrote:
>
> Hi,
>
> On Thu, Jul 22, 2010 at 10:30 PM, Lennart Poettering <mzqohf at 0pointer.de> wrote:
> > On Thu, 22.07.10 21:39, Stef Bon (stef at bononline.nl) wrote:
> >
> >> >I think the XDG_SESSION_COOKIE should go away and be replaced by the
> >> >audit session id as maintained by the kernel, which however has slightly
> >> >different semantics.
> >>
> >> Why do you think that?
> >
> > Because it is sufficient to maintain one session cookie/id. There's no
> > need to maintain a number of them.
>
> Remember that in this case $XDG_SESSION_COOKIE was here first. And
> it's also portable to e.g. Solaris, something that mattered more than
> you probably thought it would (check the history of ConsoleKit and why
> we decided to build such a thing).
>
> Also, IIRC, the audit session id was not world-readable initially -
> actually, Jon (the ConsoleKit developer) asked Steve Grubb for it to
> be world-readable because we wanted to use it instead of
> $XDG_SESSION_COOKIE. In fact, Jon and I always regarded
> $XDG_SESSION_COOKIE as a hack - something we could use until the the
> Linux task structure could give us what we needed.
Oh, this was not meant really as criticism. I am aware of the reasons
behind XDG_SESSION_COOKIE and what I pointed out was mostly reflecting
what I heard from you and Jon. I wasn't trying to be smart, just
answering what was public knowledge before.
The only real criticism I had was about the fact that the alg that is
used to generate the cookie outputs guessable values.
Lennart
--
Lennart Poettering - Red Hat, Inc.
More information about the dbus
mailing list