ConsoleKit, PolicyKit, HAL, XDG_SESSION_COOKIE
David Zeuthen
zeuthen at gmail.com
Wed Jul 28 06:47:13 PDT 2010
Hi,
On Wed, Jul 28, 2010 at 6:00 AM, Lennart Poettering <mzqohf at 0pointer.de> wrote:
> The only real criticism I had was about the fact that the alg that is
> used to generate the cookie outputs guessable values.
FWIW, I agree it would be a big problem if $XDG_SESSION_COOKIE was
guessable. But they are not. Why do you think they are? Each cookie
ends in a 32-bit random number, see
http://cgit.freedesktop.org/ConsoleKit/tree/src/ck-manager.c?id=0.4.1#n299
using g_random_int_range(). So if g_random_int_range() is a good and
secure random function (and it is), what exactly is the problem? It's
not like you can easily guess one.
If you are concerned that the time is included, note that RFC-4122
UUIDs also contain the time. It's not a big deal.
David