On Mi, 15 oct 14, 09:46:47, The Wanderer wrote: > > I suspect that the answer is "they just didn't provide the functionality > which ConsoleKit, and later systemd-logind, now enable them to provide", > but I'm not aware - in a clear-understanding, defined-boundaries sense - > of exactly what that functionality is, or of why it would be necessary > or otherwise valuable, or of what the problem is which that > functionality was intended to address.
A problem that ConsoleKit and logind is trying to address is handling permissions to access devices. Traditionally on *nix machines this was done with user groups, e.g. members of 'audio' would have full (read/write) access to all audio devices and members of 'video' would have full access to video cards or web-cams. The problem with this approach is that it's not fine-grained enough, i.e. it can't distinguish between users logged in locally or via ssh. This means Mallory could easily spy on Alice remotely, just by being a member of 'audio' and 'video'. Hope this explains, Andrei -- http://wiki.debian.org/FAQsFromDebianUser Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic http://nuvreauspam.ro/gpg-transition.txt
signature.asc
Description: Digital signature
