per seat hardware and login managers
Marcus Meissner
meissner at suse.de
Tue Mar 20 04:27:55 PDT 2007
On Tue, Mar 20, 2007 at 11:25:15AM +0000, Richard Hughes wrote:
> On Mon, 2007-03-19 at 23:04 -0400, David Zeuthen wrote:
> > I think we need to just do this; in many ways it is indeed it's own
> > session and it would reduce ugly things like this
> >
> > http://cvs.fedora.redhat.com/viewcvs/devel/gdm/90-grant-audio-devices-to-gdm.fdi?rev=1.1&view=auto
> >
> > to just being normal policy because right now gdm can always access
> > your
> > sound devices... (not a huge attack vector but a bit annoying
> > nonetheless).
>
> So what is the problem with doing this? Why was it not done years ago -
> is there some subtlety I'm missing?
Don't.
You should not grant too much rights to just a system user.
Or do you expect Sound at the GDM login prompt?
Ciao, Marcus
More information about the hal
mailing list