ConsoleKit, PolicyKit, HAL, XDG_SESSION_COOKIE

David Zeuthen zeuthen at
Wed Jul 28 06:47:13 PDT 2010


On Wed, Jul 28, 2010 at 6:00 AM, Lennart Poettering <mzqohf at> wrote:
> The only real criticism I had was about the fact that the alg that is
> used to generate the cookie outputs guessable values.

FWIW, I agree it would be a big problem $XDG_SESSION_COOKIE was
guessable. But they are not. Why do you think they are? Each cookie
ends in a 32-bit random number, see

using g_random_int_range(). So if g_random_int_range() is a good and
secure random function (and it is), what exactly is the problem? It's
not like you can easily guess one.

If you are concerned that the time is included note that RFC-4122
UUIDs also contain the time. It's not a big deal.


More information about the dbus mailing list