Alan wrote (08 Nov 2013 22:33:02 GMT) :
> Do we want to do add a script like that to Tails to be able to wait for
> vidalia's pid to connect to X? Or to rewrite `restart-vidalia` in
> python? Or to keep the ugly `sleep`?
Thanks for looking into this, I hope it was fun :)
I'd like to see someone take 5 minutes to think through the actual
disadvantages of a (admitedly ugly) `sleep 5' (or even `sleep 60', to
accommodate slower nested virtualization as used in the test suite).
Without this data in hand, I find it hard to be convinced that it's
worth it to throw a full-blown Python interpreter at this problem,
merely to close some X authentication window at the optimal time.
(I mean, of course something like this Python script is the "correct"
solution, but sometimes we just don't care that much about
correctness, sometimes a waaay simpler and lighter solution is
good enough.)
So, I guess my real question is: why would an attacker, who supposedly
is able to take advantage of the window offered by `sleep 5' (or even
`sleep 60'), *not* be able to take advantage of the time between the
time door is open and the time it is closed?
Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc