Re: [patch 0/2] Tmpfs acls

[Kay Sievers]

On Tue, Jan 10, 2006 at 12:07:58AM +0000, Matthew Garrett wrote:
> On Tue, Jan 10, 2006 at 12:59:46AM +0100, Andreas Gruenbacher wrote:
> > On Monday 09 January 2006 00:34, Matthew Garrett wrote:
> > > Hmm. Do you have any infrastructure for revoking open file descriptors
> > > when a user logs out?
> > 
> > Open file descriptors have nothing to do with it. The device permissions are 
> > set by different pam modules on different distributions (pam_console, 
> > pam_resmgr).
> 
> Right. But what stops a user writing an application that opens a device, 
> hangs around after the user logs out and then provides access to the 
> user when logged in remotely?
> 
> Handwavy problem scenario - user A logs in, is given access to the 
> soundcard. Starts running a program that when given appropriate signals 
> will record from the system microphone. Logs out. Waits for user B, who 
> he suspects is having an affair with his wife, and then monitors any 
> conversations that user B has.

That can be solved in the user session handling and not in the kernel.

> ACLs on their own don't seem to solve 
> this any more than just statically assigning group membership to users.

Sure, they do. Unlike silly group memberships, the system can provide
ressources to "local" users only.

Kay
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/