[prev in list] [next in list] [prev in thread] [next in thread] 

List:       suse-kde
Subject:    [opensuse-kde] Re: kdmrc's ForgingSeed
From:       Cristian Morales Vega <cmorve69 () yahoo ! es>
Date:       2010-05-21 18:50:55
Message-ID: AANLkTimjf58rSH6Pahzs2NPxOUCFCJLV53ZKnf3VnPWy () mail ! gmail ! com
[Download RAW message or body]

2010/5/20 Cristian Morales Vega <cmorve69@yahoo.es>:
> Hi,
>
> Looking at the packages from KKFD that were published without a
> changes in sources (i.e. that didn't pass the build-compare test) I
> found this in /usr/share/kde4/config/kdm/kdmrc:
>
> # Random seed for forging saved session types, etc. of unknown users.
> # This value should be random but constant across the login domain.
> # Default is 0
> ForgingSeed=XXXXXXXXXX
>
> No idea about kdm or what this ForgingSeed exactly is. But:
> a) It's a security problem that this seed is random but... well,
> public, and constant for all openSUSE users? Should it to be set in
> the %postin?
>
> b) If isn't a security problem. Would we brake people systems if we
> set it in the %postin? (to fix build-compare)
> I am not sure what the "login domain" is. Could it be that people
> networks are working just because they installed the same package in
> all the machines and so all of them have the same ForgingSeed? If we
> make them different perhaps they will not know how to fix it?

Created https://build.opensuse.org/request/diff/40492
-- 
To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-kde+help@opensuse.org

[prev in list] [next in list] [prev in thread] [next in thread]