Heads up for login managers
David Zeuthen
davidz at redhat.com
Mon Feb 12 20:06:29 UTC 2007
On Mon, 2007-02-12 at 14:53 -0500, Alan Cox wrote:
> On Mon, Feb 12, 2007 at 02:43:13PM -0500, David Zeuthen wrote:
> > (and the other things I'm saying are 1) we really want revoke() to
> > ensure privacy of sessions on the same seat; and 2) it would be nice to
> > use a kernel mechanism rather than the rather ugly XDG_SESSION_COOKIE
> > mechanism.)
>
> 1. Agreed (and SELinux)
>
> 2. Your XDG_SESSION_COOKIE doesn't do anything anyway.
Of course it does.
User alan is logged in on two seats A and B.
Seat A gives access to Hardware X (say, a usb optical drive).
Seat B gives access to Hardware Y (say, another usb optical drive).
Login session for alan on seat A is active.
Login session for alan on seat B is inactive.
Hence, user alan should only have access to hardware Y.
Further, programs running for alan on seat B needs to be denied access
to certain D-Bus methods on system daemons like Bluez, HAL,
NetworkManager and other services. Programs running for alan on seat A
need not to be denied this access. The system daemons are smart enough
to know what seats the hardware belong to.
Bottom line: system-level daemons needs to know more than the uid of the
caller. They actually need to know what session they originate from.
Hence XDG_SESSION_COOKIE. I'm just asking for a nicer way to do this.
Thanks.
David
More information about the Fedora-maintainers
mailing list