On Mon, 2007-02-12 at 14:52 -0500, Alan Cox wrote: > Tell me why your security model gains from poking around unreliably in the > environment of a task (which is also btw really slow and a path we optimise > against not for) as opposed to operating on the uid. There's no changes in the security model; any login session from user FOO can access resources over D-Bus from all of FOO's login sessions by tweaking XDG_SESSION_COOKIE. They also be able to access device files without any problems. This is like pam_console. No changes. You might even consider it a feature. We need XDG_SESSION_COOKIE to make sure what desktop session a D-Bus call originates from. We can't use uid for this because you might be logged in multiple times and at different seats. For example; if you're inactive at seat A you should not be able to invoke Mount() on HAL on a storage device that is exclusive to seat A just because you're active on seat B. We can do this securely only with XDG_SESSION_COOKIE. If we used uid it wouldn't be secure. I refuse to be part of designing a system that cannot allow multiple logins from the same user. I hope I'm not the only one. David -- Fedora-maintainers mailing list Fedora-maintainers@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-maintainers -- Fedora-maintainers-readonly mailing list Fedora-maintainers-readonly@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-maintainers-readonly