Heads up for login managers

Miloslav Trmac mitr at redhat.com
Mon Feb 12 20:47:02 UTC 2007


David Zeuthen napsal(a):
> On Mon, 2007-02-12 at 21:31 +0100, Miloslav Trmac wrote:
>> David Zeuthen napsal(a):
>>> We can't use uid for this because you might be
>>> logged in multiple times and at different seats. For example; if you're
>>> inactive at seat A you should not be able to invoke Mount() on HAL on a
>>> storage device that is exclusive to seat A just because you're active on
>>> seat B.
>> That can be prevented by allowing the access to Mount(seat_A, *) only to
>> the UID active at seat A.
> 
> But with D-Bus we only get the uid and pid of the caller; how do we
> figure out if the caller is from a session on Seat A or Seat B? That's
> perfectly possible since the same user is logged in at A and B.
<broken record>WE DON'T NEED TO.  WHY DOES IT MATTER what seat is the
calling process on if they can communicate and pass privileges to each
other?</broken record>

|> There is no need to prevent a process with UID $foo running in the
|> inactive session at seat A from accessing Mount(seat_B, *) while a
|> session with UID $foo is active at seat B, is there?
	Mirek




More information about the Fedora-maintainers mailing list