Xserver needs to run as "root" on Linux / was: Re: [Xorg] Server side widgets
erikharrison at gmail.com
Tue Jul 13 17:17:37 PDT 2004
On Tue, 13 Jul 2004 10:06:22 -0400, Sean Middleditch
<elanthis at awesomeplay.com> wrote:
> On Tue, 2004-07-13 at 09:53, Jakub Piotr CÅapa wrote:
> > Jon Smirl wrote:
> > > The idea of a kernel based login is that it is completely secure and
> > > can't be trojaned. A key that can't be intercepted is used to trigger
> > > login. The kernel catches this and clears/draws the screen in a way
> > > that can't be stopped. The keyboard is then directly read for the login
> > > data.
> > Looks really Windowish (and fishy) to me...
> > Why is this better than x/g/w/xdm? AFAIR from the beggining Unixes used
> I log in. I make a program that paints a full-screen window identical
> to GDM, but it takes the user names/passwords and mails them to me. A
> user sits down, tries to log in, and poof, I stole their login
> This is why Windows has the "Push ctrl-alt-delete to login" window on
> most corporate workstations. The kernel and _only_ the kernel can catch
> and process ctrl-alt-delete.
> I'm not at all convinced that the actual login screen and daemon needs
> to be in the kernel at all, but there does need to be a way to 100%
> guarantee that you are at the real login screen; kernel-level checks
> using a kernel-only key sequence is one way to do this. Perhaps the
> kernel can, upon receiving the key-combination, open a new VT and launch
> a specific binary (GDM/KDM/etc) on it? The only way to trojan that
> would be to over-write the login manager binaries or somehow get access
> to control a VT owned by root/login-manager-user, which shouldn't be any
> easier than cracking the kernel login system, no?
This seems like the kind of thing the ditro vendors should hadnle.
CTRL+ALT+DEL generates a keyboard events only trappable by the kernel.
The kernel can have what action it performs on this event be
customized - for example, hitting ctrl+alt+del opens a login screen.
Bada bing, no need to put login/*dm in the kernel.
> > (min)getty+login for logging in on text terminals and it works without
> > problems (I can event change mingetty to fbgetty to get some fancy
> > graphic into the framebuffer).
> > What make graphic consoles different?
> Nothing. The security problem is there with mingetty as well. The same
> system discussed here could potentially be used to alleviate that
> problem as well.
> Sean Middleditch <elanthis at awesomeplay.com>
> AwesomePlay Productions, Inc.
> xorg mailing list
> xorg at freedesktop.org
More information about the xorg