On Mon, 2007-02-12 at 14:10 -0500, Steve Grubb wrote: > On Monday 12 February 2007 13:41, David Zeuthen wrote: > > > We use a cookie called "uid" and one called "gid". > > > > The problem is that these are not per-session; am not sure why that is > > so difficult to understand. > > I just checked the wiki (http://en.wikipedia.org/wiki/Fast_User_Switching) and > it says this: > > "It allows users to switch between user accounts on a single PC without > quitting applications and logging out." > > So it seems to indicate that UID is the right granularity. No. Again, it's a (mild?) security problem if an inactive session can spy on another session using sound or webcam capture. Just think of bored grad students in a computer lab. Hence why we need to revoke access to devices for inactive sessions. Also why we need to track the sessions. Right now XDG_SESSION_COOKIE provides that mechanism and I'm asking for a kernel extension so we don't need to rely on an environment variable being set. I'm _not_ suggesting to depart from file access being managed only by uid:gid, I'm just saying we need that + revoke(). David -- Fedora-maintainers mailing list Fedora-maintainers@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-maintainers -- Fedora-maintainers-readonly mailing list Fedora-maintainers-readonly@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-maintainers-readonly
