[prev in list] [next in list] [prev in thread] [next in thread]
List: gtk-devel
Subject: Re: GMountOperation concerns
From: David Zeuthen <david () fubar ! dk>
Date: 2007-12-12 17:46:25
Message-ID: 1197481585.19549.38.camel () oneill ! fubar ! dk
[Download RAW message or body]
On Wed, 2007-12-12 at 12:05 -0500, David Zeuthen wrote:
> So I'm thinking a similar pattern would be useful for g_volume_mount();
> it would move all credentials handling out of process. The downside is
> that the application itself cannot draw it's own dialogs for asking for
> credentials. But I think that's fine; we don't let gnome-keyring using
> apps do this either.
Just to clarify; this is how the interaction would be
+---------------------+ gvfs IO Channel
| App using libgio.so |--------------------+
+---------------------+ |
| +-----------------------------+
| IPC (e.g. D-Bus) | out-of-process gvfs plug-in |
| +-----------------------------+
+-------------------------+ |
| ask-credentials-program |----------------+
+-------------------------+ Secure Channel for
passing credentials
(not D-Bus in session bus mode as the
bus is snoopable)
Of course to make this secure both ask-credentials-program and the
out-of-process gvfs plugin (e.g. smb://) will need to be locked down.
One easy way to do this is plain-vanilla UNIX-like systems is to make
them setgid nobody (so libc secure mode kicks in).
Also, the ask-credentials-program could be a proxy for a GTK+ program,
e.g. gtk-ask-credentials-program, that runs on another secure desktop
session (e.g. the gdm login screen) and to get there you would need to
use SAK (secure attention key; e.g. ctrl+alt+backspace or whatever); or
when the windowing system and toolkit have secure modes that could be
used.
For the record I'm not proposing that we do this work now; I'm only
proposing to make the API secure and capable of doing things like this
in the future.
David
_______________________________________________
gtk-devel-list mailing list
gtk-devel-list@gnome.org
http://mail.gnome.org/mailman/listinfo/gtk-devel-list
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic