Default local auth policy

Eric Anholt eric at anholt.net
Fri Mar 20 16:36:22 PDT 2009


On Tue, 2009-03-17 at 14:06 -0400, Adam Jackson wrote:
> On Mon, 2009-03-16 at 12:52 -0700, Eric Anholt wrote:
> > On Fri, 2009-03-13 at 13:46 -0400, Adam Jackson wrote:
> > > Currently, if you start X without -ac and without -auth, the default
> > > connection policy is to allow connections from localhost.  In
> > > particular, this means on every IPv[46] address, and any local
> > > transports including unix sockets.
> > > 
> > > I'd like to see a mode where the default policy is effectively
> > > +si:localuser:`id -un`, which would allow connections only from the uid
> > > that started the server.  This is effectively the policy everyone's
> > > trying to implement with xauth cookies, but cookies have to get stored
> > > on disk somewhere which sucks for NFS and r/o images, etc.  For the gdm
> > > case, the display manager would add the real user to the access list
> > > once they've been authed, and then remove itself and start the session
> > > as the user.
> > > 
> > > Normally I'd just change the default here, but I think this might be a
> > > significant enough difference in behaviour that you should have to ask
> > > for it.  So.  New -localuser option?  Change the default?  Bad idea,
> > > give up, take up farming?
> > 
> > It sounds sensible, the only thing I'm concerned about is whether with
> > this new default I could sudo <X app> and still get success.
> 
> It's not particularly well specified, at least for
> getsockopt(SO_PEERCRED).  The Linux implementation appears to give you
> the effective UID, not real, so suid apps would fail.  I'm not sure what
> the other OS's implement offhand.

And sudo would fail as well?  That's extremely uncool.  Unless the plan
is to add +si:localuser:0 as well.

-- 
Eric Anholt
eric at anholt.net                         eric.anholt at intel.com

