On Mon, 2007-02-12 at 14:46 -0500, Alan Cox wrote:
> On Mon, Feb 12, 2007 at 02:18:41PM -0500, David Zeuthen wrote:
> > The checks against XDG_SESSION_COOKIE is only used to limit access,
>
> They are not limiting access. The "session cookie" is free for anything
> with the same uid to access and use. Its nerf security.
I never claimed it provided security. You will be able to copy
XDG_SESSION_COOKIE from your other processes and that's fine. Just keep
in mind it's easier to just run VNC than copying it around.
However if we used something else than XDG_SESSION_COOKIE, like tagging
a process with a secret cookie that only privileged processes can
read/write it would provide real security.
David
--
Fedora-maintainers mailing list
Fedora-maintainers@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-maintainers
--
Fedora-maintainers-readonly mailing list
Fedora-maintainers-readonly@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-maintainers-readonly
