On 11/23/2009 01:24 PM, Gregory Maxwell wrote:
> I haven't tried the the fast user switching in fedora... Hopefully it is
> using some kernel mode secure path to prevent users from stealing each others
> credentials, if it isn't then one should be established for it. Why not use the
> same facility to switch to a system administration desktop, locked down a bit by
> default (use SE linux to make various unsafe user tasks like firefox,
> open office, etc unable to run in this admin context) to discourage
> casual use.
Wait, you're arguing for this *instead* of finer-grained elevations of privilege
governed by policy files which can be locally overridden safely?
> Surely this would be preferable to reducing the security against
> common casual threats.
I think you've characterized things backwards here.
--
Peter
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
