Heads up for login managers

Alan Cox alan at redhat.com
Mon Feb 12 19:43:33 UTC 2007


On Mon, Feb 12, 2007 at 01:48:26PM -0500, David Zeuthen wrote:
> Two sessions in fast user switching on a single seat. One web cam. You
> really want to make sure that the inactive session cannot use the web
> cam. Yes, to do this in a really secure manner you want revoke() and

No you don't. You want to make sure that only the user uid of the currently
active session can access the webcam. It doesn't matter if the webcam 
access then comes from my X session or some other unrelated process, providing
it's me it is watching.

Trivial example is a user running cron to take 5 minute shots of their activity
via cron. The cron fired video grab is definitely not part of some gnome
created session but it's perfectly fine. What must fail is if I try and
take a picture while I've let someone else borrow the seat (and this again
is uid not session)

> probably something even better than this proposal

SELinux can do much of the revoke type duties, but I agree you want revoke
really, and it's a big Linux failing. Please beat up Al Viro until he
understands how urgent it is...

Alan
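
The gap that revoke() would close, as an added example that is not part of the original message: a descriptor opened before the seat changes hands keeps working after the node's permissions are taken away, while a fresh open() is refused. A temporary file stands in for the webcam device node, and the function name `read_after_handover` is hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns how many bytes the descriptor opened *before* the handover can
 * still read afterwards. *reopen_errno gets errno from a fresh open() made
 * after the handover (0 if that open succeeded, e.g. when run as root). */
ssize_t read_after_handover(int *reopen_errno)
{
    char path[] = "/tmp/fake-video-XXXXXX"; /* constructed stand-in for the device node */
    char buf[16];
    ssize_t n = -1;
    int fd, fd2;

    *reopen_errno = 0;
    fd = mkstemp(path);                 /* previous user opens the "device" */
    if (fd < 0)
        return -1;
    if (write(fd, "frame", 5) != 5 || lseek(fd, 0, SEEK_SET) != 0)
        goto out;

    /* Seat changes hands: the login manager strips access to the node. */
    if (chmod(path, 0) != 0)
        goto out;

    /* A new open is checked against the new permissions... */
    fd2 = open(path, O_RDONLY);
    if (fd2 < 0)
        *reopen_errno = errno;
    else
        close(fd2);

    /* ...but the old descriptor is never re-checked, so it still reads. */
    n = read(fd, buf, sizeof buf);
out:
    close(fd);
    unlink(path);
    return n;
}

int main(void)
{
    int e;
    ssize_t n = read_after_handover(&e);
    printf("old fd read %zd bytes; fresh open errno=%d\n", n, e);
    return n == 5 ? 0 : 1;
}
```

Changing ownership or mode on the node only gates future open() calls, which is why a login manager that hands a device to the next uid cannot by that step alone cut off descriptors the previous user already holds.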




More information about the Fedora-maintainers mailing list