A common VFS and a Common conf-system [Part II]

Alexander Larsson alexl at redhat.com
Thu Mar 3 16:57:02 EET 2005


On Thu, 2005-03-03 at 09:03 -0500, Sean Middleditch wrote:
> 
> I would argue then that the daemon can forward the information about
> the process to the keyring, or that they keyring can tie in better to
> the daemon.  My plan was to make the daemon talk to an external helper
> over D-BUS (or a more direct protocol if necessary for security -
> haven't looked at that in depth yet), so gnome could provide such a
> helper that used the keyring.  Making sure that the actual
> applications never touch the authentication information is something
> I'm rather keen on - it really can eliminate an entire class of
> security holes and information leaks.

There are things you can't easily forward though, such as a selinux
contexts. 

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Alexander Larsson                                            Red Hat, Inc 
                   alexl at redhat.com    alla at lysator.liu.se 
He's a leather-clad chivalrous vagrant with a secret. She's a tortured psychic 
wrestler with a knack for trouble. They fight crime! 




More information about the xdg mailing list