per seat hardware and login managers

Marcus Meissner meissner at suse.de
Tue Mar 20 04:27:55 PDT 2007


On Tue, Mar 20, 2007 at 11:25:15AM +0000, Richard Hughes wrote:
> On Mon, 2007-03-19 at 23:04 -0400, David Zeuthen wrote:
> > I think we need to just do this; in many ways it is indeed it's own
> > session and it would reduce ugly things like this
> > 
> >  http://cvs.fedora.redhat.com/viewcvs/devel/gdm/90-grant-audio-devices-to-gdm.fdi?rev=1.1&view=auto
> > 
> > to just being normal policy because right now gdm can always access
> > your
> > sound devices... (not a huge attack vector but a bit annoying
> > nonetheless). 
> 
> So what is the problem with doing this? Why was it not done years ago -
> is there some subtlety I'm missing?

Don't.

You should not grant too much rights to just a system user.

Or do you expect Sound at the GDM login prompt?

Ciao, Marcus


More information about the hal mailing list