Re: [patch 0/2] Tmpfs acls

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Jan 10, 2006 at 12:59:46AM +0100, Andreas Gruenbacher wrote:
> On Monday 09 January 2006 00:34, Matthew Garrett wrote:
> > Hmm. Do you have any infrastructure for revoking open file descriptors
> > when a user logs out?
> 
> Open file descriptors have nothing to do with it. The device permissions are 
> set by different pam modules on different distributions (pam_console, 
> pam_resmgr).

Right. But what stops a user writing an application that opens a device, 
hangs around after the user logs out and then provides access to the 
user when logged in remotely?

Handwavy problem scenario - user A logs in, is given access to the 
soundcard. Starts running a program that when given appropriate signals 
will record from the system microphone. Logs out. Waits for user B, who 
he suspects is having an affair with his wife, and then monitors any 
conversations that user B has. ACLs on their own don't seem to solve 
this any more than just statically assigning group membership to users.

-- 
Matthew Garrett | [email protected]
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux