Security considerations, implementation detail
Authored by: nothingmuch on May 24, '04 05:27:40AM

Hi,

What about security? For example, think of the xhosts command, and various authorization/authentication techniques for X.

I tried sshing to the local box with a user that did not have the current view, and then starting a GUI app. It doesn't work.

There's no difference in the envs, and so forth, and the sudo user cannot play with /dev/console, so I assume it must be a unix domain socket, or a TCP/UDP socket somewhere along the way, that the sudo user can play with, since it belongs to a proper group, but that gets through the check OK, because the real gid is of the old user. But I can't find anything (too bad, proxying this could have been really fun).

So how does it work?
AFAIK, Objective-C has objects that can communicate across processes, and even across machines (dubbed distributed objects, methinks). Maybe that's how it's done.

Anybody know better?


