Re: Improving gksu: lib, server, basic client

[Gustavo Noronha Silva]

Em Wed, 22 Oct 2003 11:10:28 -0300 (ART), Tevaum <address@hidden> escreveu:

> Hi...

Hello Tevaum, nice to see you here! =)

For the other subscribers, Tevaum is a local friend of mine. He studies
at the same university as me.

> I'm worried about the secutiry... is it possible to
> steal data from the daemon? is there any kind of auth?

Yes, the XAUTH_token you ask about below is just 'getable' by
the user who started the X server. We could do some ident
check, also, to know that the user requesting the password
is the same that have set it (looking at the efective uid,
for example).

The XAUTH stuff is quite safe, though, I believe. I am more
worried about the security when the password is going from
the server to the client and vice-versa. We should implement
ssl or some stuff to crypt it.

-- 
address@hidden: Gustavo Noronha <http://people.debian.org/~kov>
Debian:  <http://www.debian.org>  *  <http://www.debian-br.org>
        http://debian-br.alioth.debian.org/?id=WebWML