On Wed, Jun 01, 2016 at 07:35:21AM -0700, Andrew Lutomirski wrote: > On Jun 1, 2016 7:29 AM, "Tomasz Torcz" <tomek@xxxxxxxxxxxxxx> wrote: > > > > On Wed, Jun 01, 2016 at 10:04:27AM -0400, Dan Book wrote: > > > > > > > > Again, this isn't just work-arounds around broken programs. It's a > > > > security thing. It's privileged code (logind, PID 1) that enforces a > > > > clear life-cycle on unprivileged programs. > > > > > > > > Any scheme that relies on unprivileged programs "being nice" doesn't > > > > fix the inherent security problem: after logout a user should not be > > > > able consume further runtime resources on the system, regardless if he > > > > does that because of a bug or on purpose. > > > > > > > > Lennart > > > > > > > > > That's your opinion, and while many sysadmins may share it, many will > not. > > > Having this as an optional security feature would be fantastic. > Enforcing > > > it by default on every user many of which use tmux, screen, nohup, and > & to > > > persist long running processes for daily work, is not something to do > just > > > because you think it is what people should do. > > > > Just a little perspective – this isn't a new option. KillUserProcesses > functionality > > seems to be added by > > commit 202630822f52e06dce8404633407329c38099278 > > Date: Mon May 23 23:55:06 2011 +0200 > > > > Five years ago, so basically from day one. We have this optional > > security feature – fantastic! > > Also, the concept of a ”session” isn't anything new, it's core UNIX > > concept (setsid() enyone?) > > > > I think that programs needing special treatment should use operating > > system's facilities to communicate that. So tmux, screen, nohup should > > really open a new session. It's unfortunate that tmux author is hostile > > against that, but maybe a clean, compile-time optional patch would > persuade > > him? > > You lost me. Tmux almost certainly *already* uses setsid(). The author is > hostile to adding a dbus dependency to tmux to tell systemd that it wants a > new session. > > (I suspect that most terminal emulators also call setsid(), so this > approach wouldn't actually work.) That's kind the point. It would be great to know what exactly need to be done by programs. Examples, examples, examples. Apparently setsid() is not enough. -- Tomasz Torcz There exists no separation between gods and men: xmpp: zdzichubg@xxxxxxxxx one blends softly casual into the other. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx
