SDTLOGIN interface

Edgar Toernig froese at gmx.de
Mon Jun 2 13:29:52 PDT 2008


Alan Coopersmith wrote:
>
> When the X server starts, it creates a named pipe (aka fifo) in a
> directory writable only by root.  The display manager opens the other
> end of this pipe for writing.   Once it's displayed the login screen
> and authenticated a user, the display manager writes a series of
> key value pairs over the pipe such as:
> 	
>        UID="123" GID="10";
>        G_LIST_ID="1" G_LIST_ID="2" G_LIST_ID="3";
>        HOME="/home/bob" EOF="";
> 
> Once it sees the EOF="" token, the Xserver closes the pipe and
> processes the other pairs - approximately:
> 	setregid(GID)
> 	setgroups(G_LIST_ID list)
> 	chown(server-auth-file, UID)
> 	setreuid(UID)
> 	chdir(HOME)

What's the point in all this ... stuff?

Why should the X-server run with the privileges of some
arbitrary user?  Why should it be able to read some
user's mail, have access to its crontab etc?  And what
if that user happens to be root?

I do understand that one wants to drop all privileges as
soon as possible but doesn't that mean to switch to the
least privileged account, something like 'nobody'?

Ciao, ET.




More information about the xorg mailing list