A common VFS and a Common conf-system [Part II]

Alexander Larsson alexl at redhat.com
Thu Mar 3 19:00:40 EET 2005

On Thu, 2005-03-03 at 09:03 -0500, Sean Middleditch wrote:

> I would argue then that the daemon can forward the information about the
> process to the keyring, or that they keyring can tie in better to the
> daemon.  My plan was to make the daemon talk to an external helper over
> D-BUS (or a more direct protocol if necessary for security - haven't
> looked at that in depth yet), so gnome could provide such a helper that
> used the keyring.  Making sure that the actual applications never touch
> the authentication information is something I'm rather keen on - it
> really can eliminate an entire class of security holes and information
> leaks.

There are some interaction issues with this btw. For instance, it makes
the authentication window not be related to the window causing the i/o.
This can cause problems with window manager behaviour. 

There can also be problems with authentication dialogs in modal dialogs.
I know we had some problems with that in gnome-vfs, although it might
not be as much of a problem with authentication dialogs opened from
another process though.

 Alexander Larsson                                            Red Hat, Inc 
                   alexl at redhat.com    alla at lysator.liu.se 
He's a Nobel prize-winning sweet-toothed sorceror moving from town to town, 
helping folk in trouble. She's a supernatural winged widow married to the Mob. 
They fight crime! 

More information about the xdg mailing list