Mailinglist Archive: opensuse-kde (101 mails)
| < Previous | Next > |
[opensuse-kde] Re: kdmrc's ForgingSeed
- From: Cristian Morales Vega <cmorve69@xxxxxxxx>
- Date: Fri, 21 May 2010 20:50:55 +0200
- Message-id: <AANLkTimjf58rSH6Pahzs2NPxOUCFCJLV53ZKnf3VnPWy@xxxxxxxxxxxxxx>
2010/5/20 Cristian Morales Vega <cmorve69@xxxxxxxx>:
Created https://build.opensuse.org/request/diff/40492
--
To unsubscribe, e-mail: opensuse-kde+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-kde+help@xxxxxxxxxxxx
Hi,
Looking at the packages from KKFD that were published without a
changes in sources (i.e. that didn't pass the build-compare test) I
found this in /usr/share/kde4/config/kdm/kdmrc:
# Random seed for forging saved session types, etc. of unknown users.
# This value should be random but constant across the login domain.
# Default is 0
ForgingSeed=XXXXXXXXXX
No idea about kdm or what this ForgingSeed exactly is. But:
a) It's a security problem that this seed is random but... well,
public, and constant for all openSUSE users? Should it to be set in
the %postin?
b) If isn't a security problem. Would we brake people systems if we
set it in the %postin? (to fix build-compare)
I am not sure what the "login domain" is. Could it be that people
networks are working just because they installed the same package in
all the machines and so all of them have the same ForgingSeed? If we
make them different perhaps they will not know how to fix it?
Created https://build.opensuse.org/request/diff/40492
--
To unsubscribe, e-mail: opensuse-kde+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-kde+help@xxxxxxxxxxxx
| < Previous | Next > |