Re: Heads up for login managers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Feb 12, 2007 at 01:48:26PM -0500, David Zeuthen wrote:
> Two sessions in fast user switching on a single seat. One web cam. You
> really want to make sure that the inactive session cannot use the web
> cam. Yes, to do this in a really secure manner you want revoke() and

No you don't. You want to make sure that only the user uid of the currently
active session can access the webcam. It doesn't matter if the webcam 
access then comes from my X session or some other unrelated process, providing
it's me it is watching.

Trivial example is a user running cron to take 5 minute shots of their activity
via cron. The cron fired video grab is definitely not part of some gnome
created session but its perfectly fine. What must fail is if I try and
take a picture while I've let someone else borrow the seat (and this again
is uid not session)

> probably something even better than this proposal

SELinux can do much of the revoke type duties, but I agree you want revoke
really, and its a big Linux failing. Please beat up Al Viro until he 
understands how urgent it is...

Alan

--
Fedora-maintainers mailing list
Fedora-maintainers@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-maintainers

--
Fedora-maintainers-readonly mailing list
Fedora-maintainers-readonly@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-maintainers-readonly

[Index of Archives]     [Fedora Users]     [Fedora Development]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]

  Powered by Linux