2014/10/16 5:59 "Andrei POPESCU" <andreimpope...@gmail.com>:
>
> On Mi, 15 oct 14, 09:46:47, The Wanderer wrote:
> >
> > I suspect that the answer is "they just didn't provide the functionality
> > which ConsoleKit, and later systemd-logind, now enable them to provide",
> > but I'm not aware - in a clear-understanding, defined-boundaries sense -
> > of exactly what that functionality is, or of why it would be necessary
> > or otherwise valuable, or of what the problem is which that
> > functionality was intended to address.
>
> A problem that ConsoleKit and logind are trying to address is handling
> permissions to access devices.
>
> Traditionally on *nix machines this was done with user groups, e.g.
> members of 'audio' would have full (read/write) access to all audio
> devices and members of 'video' would have full access to video cards or
> web-cams.
>
> The problem with this approach is that it's not fine-grained enough,
> i.e. it can't distinguish between users logged in locally or via ssh.
> This means Mallory could easily spy on Alice remotely, just by being a
> member of 'audio' and 'video'.
>
> Hope this explains,
> Andrei

Two thoughts that this problem brings to mind --

(1) Why should it matter? Local? Remote? A hole is a hole.

(1.5) How does ssh deal with making connections private? Any clues there?

(2) There are times when I don't want to have to be logged in as an admin
user to be able to make an ephemeral group. I've understood that for ten
years. When am I going to make the time to construct the package to manage
it within the standard unix permissions model? :-(

Joel Rees

Computer memory is just fancy paper,
CPUs just fancy pens.
All is a stream of text
flowing from the past into the future.
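
The limitation described in the quoted text, as an added example that is not part of either message: an audit that flags remote sessions whose user holds static 'audio' or 'video' group membership. The group file and session records are constructed samples; the session field names (Id, Name, Remote, Seat) follow `loginctl show-session` properties, and only members listed in /etc/group are checked, not primary GIDs from /etc/passwd.

```python
# Added example: audit static device-group membership against login sessions.
# All sample data is constructed for illustration.

DEVICE_GROUPS = {"audio", "video"}

# Constructed sample in /etc/group format: name:password:GID:member,member
SAMPLE_GROUP = """\
root:x:0:
audio:x:29:alice,mallory
video:x:44:alice,mallory
sudo:x:27:alice
"""

# Constructed sessions; keys mirror `loginctl show-session` properties.
SAMPLE_SESSIONS = [
    {"Id": "1", "Name": "alice", "Remote": "no", "Seat": "seat0"},
    {"Id": "7", "Name": "mallory", "Remote": "yes", "Seat": ""},
    {"Id": "9", "Name": "bob", "Remote": "yes", "Seat": ""},
]


def parse_group(text):
    """Return {group: set(members)} from /etc/group-formatted text."""
    groups = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 4:
            continue  # skip malformed entries rather than guessing
        name, _pw, _gid, members = fields
        groups[name] = {m for m in members.split(",") if m}
    return groups


def remote_device_access(group_text, sessions, device_groups=DEVICE_GROUPS):
    """Return (user, session id, groups) for each remote session whose user
    is a listed member of a device group. Group membership alone grants the
    device access, so the session being remote changes nothing."""
    groups = parse_group(group_text)
    findings = []
    for s in sessions:
        if s.get("Remote") != "yes":
            continue
        held = sorted(g for g in device_groups if s["Name"] in groups.get(g, ()))
        if held:
            findings.append((s["Name"], s["Id"], held))
    return findings


if __name__ == "__main__":
    for user, sid, held in remote_device_access(SAMPLE_GROUP, SAMPLE_SESSIONS):
        print(f"session {sid}: remote user {user} has device access via {', '.join(held)}")
```

On a system where logind grants device access per active local session, an empty result for the device groups is the expected state.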