Heads up for login managers
David Zeuthen
davidz at redhat.com
Mon Feb 12 19:22:17 UTC 2007
On Mon, 2007-02-12 at 14:10 -0500, Steve Grubb wrote:
> On Monday 12 February 2007 13:41, David Zeuthen wrote:
> > > We use a cookie called "uid" and one called "gid".
> >
> > The problem is that these are not per-session; am not sure why that is
> > so difficult to understand.
>
> I just checked the wiki (http://en.wikipedia.org/wiki/Fast_User_Switching) and
> it says this:
>
> "It allows users to switch between user accounts on a single PC without
> quitting applications and logging out."
>
> So it seems to indicate that UID is the right granularity.
No. Again, it's a (mild?) security problem if an inactive session can
spy on another session using sound or webcam capture. Just think of
bored grad students in a computer lab.
Hence why we need to revoke access to devices for inactive sessions.
Also why we need to track the sessions. Right now XDG_SESSION_COOKIE
provides that mechanism and I'm asking for a kernel extension so we
don't need to rely on an environment variable being set. I'm _not_
suggesting to depart from file access being managed only by uid:gid, I'm
just saying we need that + revoke().
David
More information about the Fedora-maintainers
mailing list