[696] in athena10
Re: GDM Greeter Custom Commands
daemon@ATHENA.MIT.EDU (William Cattey)
Wed Dec 3 23:21:12 2008
In-Reply-To: <Pine.LNX.4.64L.0812022131300.19068@vinegar-pot.mit.edu>
Mime-Version: 1.0 (Apple Message framework v753.1)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <1A3D7F73-0CE8-427E-8FEF-AC10ACA08051@mit.edu>
Cc: Greg Hudson <ghudson@mit.edu>, athena10@mit.edu
Content-Transfer-Encoding: 7bit
From: William Cattey <wdc@MIT.EDU>
Date: Wed, 3 Dec 2008 23:20:25 -0500
To: Quentin Smith <quentin@mit.edu>
Could we look into kiosk mode Firefox?
Since it's extra work to make custom commands work, if Firefox kiosk
mode can be made to work reasonably well without a lot a lot of work,
this is an opportunity to quit supporting more legacy code with a
standard and generic solution.
-Bill
On Dec 2, 2008, at 9:33 PM, Quentin Smith wrote:
> On Tue, 2 Dec 2008, Greg Hudson wrote:
>
>> For the specific purpose of running the registration applet on
>> cluster
>> machines, I would suggest looking into the kludge of having the
>> applet
>> wrapper script discover the display information.
>
> I think it would be nice if we could support registration on
> private workstations as well, but I guess that's a decision to be
> made by release-team.
>
>> I believe you can do this by peering at /var/lib/gdm. On my
>> machine, it
>> contains a file named :0.Xauth. So :0 is the display and that
>> file is
>> the xauth cookie.
>>
>> (/var/lib/gdm is only readable by root. I assume that in the
>> course of
>> a normal login, gdm copies the xauth cookie into a location
>> readable by
>> the user logging in. The registration applet wrapper would
>> presumably
>> copy the cookie into a temporary directory owned by user nobody
>> and then
>> su to nobody and fork off the appropriate program.)
>
> /var/lib/gdm has gid gdm, and the greeter runs as gid gdm. I don't
> think you want to spawn any untrused X apps on the console, even if
> they're running as nobody, because there are X calls that could be
> used to elevate its privileges.
>
> I believe that X supports "untrusted" connections and there is a
> mechanism for generating an untrusted xauth file, but I suspect
> java wouldn't be supported.
>
> I would suggest a better architecture would be for the "register"
> button to actually log in as a special "register" user that runs
> the registration applet. That way, we follow gdm's normal session
> security model.
>
> --Quentin
