On Tue, 2006-12-19 at 17:14 -0500, Karl MacMillan wrote: > Reading through http://fedoraproject.org/wiki/Desktop/FastUserSwitching, > I had two questions. > > 1) Any work ongoing to look at the security of this solution. For > example, the proposed fix for device ownership allows multiple users to > use devices simultaneously. This could have serious security > implications (e.g., monitoring VIOP calls made by another user). No code yet, plans include using ACL's on device nodes and have *some* way of specifying whether a device of a given class can have multiple owners or not. Preferably specifying this so it can be locked down. Whether the driver in question support multiple openers (it varies, even within the same class e.g. ALSA) is another question. All this will probably mean replacing pam-console with *something*, not a bad idea anyway since pam-console is one reason that e.g. udev takes a long time to start. It just does a lot of work on every uevent that it doesn't need to do. Again, no code is written yet. For discussion please follow up on the Wiki page, not on this mailing list (as such, Karl, please add notes to the Wiki page). Thanks. David -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
