Display of system users: Selecting the face

Friedrich W. H. Kossebau Friedrich.W.H at kossebau.de
Sat Jul 9 13:38:14 BST 2005 

Am Donnerstag, 7. Juli 2005 21:40, schrieb Oswald Buddenhagen:
> On Thu, Jul 07, 2005 at 06:16:39PM +0200, Friedrich W. H. Kossebau wrote:
> > Am Donnerstag, 7. Juli 2005 11:58, schrieb Oswald Buddenhagen:
> > > On Thu, Jul 07, 2005 at 03:22:53AM +0200, Friedrich W. H. Kossebau 
wrote:
> > > > This could be done by downscaling from one given picture with the
> > > > largest size needed, like 140x140 or 300x300.
> > >
> > > no way this is going to work:
> > > - slow.
> >
> > Another (additional) solution would be to do the scaling once (when
> > adding the face) and save the results to disc.
>
> this is what is happening now. well, only for the face.icons, actually,
> as the faces are practically unsupported. sure, it would make sense to
> offer a down-scaled version of the image selected as the face for the
> icon - as long as it is possible (and recommended) to set the icon
> separately ...

Which would be enforced by the face selector. :)

> > > > Enabling users to provide their own face as a file in their home dir
> > > > works with display managers. They usually are run with superuser
> > > > rights (or have some helper demons which are), so they can access all
> > > > files.
> > >
> > > while kdm currently has code that setuids to the owner of the image, a
> > > comment (i mean, _a comment_ - in _my_ code!! :) clearly indicates that
> > > it is supposed to run as nobody.
> > >
> > > actually, i could/should change this right away - no need for the
> > > entire greeter to run as nobody for this.
>
> actually, i did just after the post ...
>
> > > ergo, inaccessible image -> no image - without exceptions
> >
> > I do not really get what you say here? Go with nobody or don't?
>
> any non-root. if the image is public, it is visible. that simple.

Hm. What could a user do who would like to hide his $HOME but make his own 
face available? The docs of GDM tell that explicitly for this purpose they 
run a demon with superuser rights to tunnel such pictures to the greeter...

> > > > But might this put danger on security? What if someone manipulated
> > > > one's addressbook and therefore the system displays the wrong person?
> > >
> > > you can do this with the .faces as well. that's one of the reasons why
> > > the *Admin* variants still exist.
> >
> > Okay. So we could allow users to set up their own set of faces and names
> > for the other users and enable the admin to outkiosk that, then.
>
> ?

Well, apps such as the kdm greeter or the lock dialog would never use an 
addressbook while other apps would if a user choose to do. By using a special 
constructor of proposed KUserFaceLoader...

Okay, generally I see no real objections against my proposal so I will prepare 
and send in a patch tomorrow :)

Regards
Friedrich
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20050709/cb392b6b/attachment.sig>

More information about the kde-core-devel mailing list