On 06/02/2016 02:19 PM, Paul Wouters wrote:
> On Jun 1, 2016, at 09:48, Lennart Poettering wrote:
>> Any scheme that relies on unprivileged programs "being nice" doesn't
>> fix the inherent security problem: after logout a user should not be
>> able to consume further runtime resources on the system, regardless of
>> whether he does that because of a bug or on purpose.
>
> You are redefining the meaning of (a graphical) logout. It simply means another
> user can use the mouse, keyboard and screen of this device. It makes no
> statement on whether the machine's resources are shared or not.
>
> It allows you to kill anything that has to do with the user controlling the screen,
> keyboard and mouse, but the killing should be limited to those processes. And then we are
> back at "just fix those broken processes".
Actually, we have the capacity for dual login (switching users), where
the first session is still active, and the new user runs his display
session on a different console which grabs the mouse, keyboard and
screen devices. The proposed change, as I understand it now, allows the
processes from the first session to continue running.
--
devel mailing list
devel@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org