On Monday 12 February 2007 14:22, David Zeuthen wrote:
> On Mon, 2007-02-12 at 14:10 -0500, Steve Grubb wrote:
> > "It allows users to switch between user accounts on a single PC without
> > quitting applications and logging out."
> >
> > So it seems to indicate that UID is the right granularity.
>
> No. Again, it's a (mild?) security problem if an inactive session can
> spy on another session using sound or webcam capture. Just think of
> bored grad students in a computer lab.

Inactive sessions should have no access to hardware. Any kind of simultaneous sharing has potentially created a covert channel. Besides, why does considering UID to be the session identifier lead to people being able to spy on each other?

> Hence why we need to revoke access to devices for inactive sessions.

Agreed.

> Also why we need to track the sessions. Right now XDG_SESSION_COOKIE
> provides that mechanism and I'm asking for a kernel extension so we
> don't need to rely on an environment variable being set.

So could UID. All you need is a unique identifier for each session. UID can do that. Whatever you use, it has to be auditable.

> I'm _not_ suggesting to depart from file access being managed only by
> uid:gid, I'm just saying we need that + revoke().

I still don't see why a cookie provides protection and UID does not.

-Steve

--
Fedora-maintainers mailing list
Fedora-maintainers@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-maintainers