[systemd-devel] systemd v4[01] and graphical login managers
Christian Hesse
list at eworm.de
Sat Feb 11 04:12:49 PST 2012
Lennart Poettering <lennart at poettering.net> on Sat, 11 Feb 2012 00:59:47
+0100:
> On Fri, 10.02.12 22:34, Christian Hesse (list at eworm.de) wrote:
>
> > > > > Well, strace the PAM client which invokes the PAM session hooks and
> > > > > figure out where exactly the fifo is closed and by what piece of
> > > > > code. The FIFO fd is received via a dbus reply (which you'll see as
> > > > > a recvmsg() with an SCM_RIGHTS param, followed by an
> > > > > fcntl(F_DUPFD)), and you'd need to trace where it gets closed in
> > > > > the parent process.
> > > >
> > > > Here is my trace:
> > > > http://www.eworm.de/tmp/lightdm.log
> > > >
> > > > I think this is the code closing the fd:
> > > > http://bazaar.launchpad.net/~lightdm-team/lightdm/trunk/view/head:/src/pam-session.c#L393
> > >
> > > Well, but normally the PAM session should only be closed after the user
> > > logged out again. Why is this invoked so early?
> >
> > Looks like lightdm starts a root pam session for the greeter. That is
> > closed before the user pam session ist started...
>
> It should be starting a PAM session for the greeter, but definitely not
> for "root". That would mean their entire greeter runs as root? THat's a
> really bad idea.
By default, yes.
But it can be configured to use another user... Using 'lightdm' for that on
my system now.
> The greeter should have its own PAM session so that systemd-logind know
> about it and can rearrange access control to devices such as soundcards
> properly, so that screenreaders and event sounds work.
>
> > Anyway... slim is not split into core and greeter. Does it act the same
> > nevertheless? Will take a look at that, too.
>
> Umpf. Their entire stuff runs as a single process? So if their UI
> toolkit is borked you just became root? That sounds really bad.
Indeed...
> Can't really believe Ubuntu ships with such a setup by default.
AFAIK Ubuntu ships with lightdm, not slim.
--
Best regards,
Chris
O< ascii ribbon campaign
stop html mail - www.asciiribbon.org
More information about the systemd-devel
mailing list