[systemd-devel] The meaning of CanMultiSession=no on non-seat0
Lennart Poettering
lennart at poettering.net
Thu Apr 9 07:43:11 UTC 2020
On Do, 02.04.20 22:59, nerdopolis (bluescreen_avenger at verizon.net) wrote:
> Thanks. I was wondering if there was some security thing that depended on TTYs
> for the two Display Servers running on the same seat to truly be secure or not.
> (like reading /dev/input/* )
The input subsystem has ioctls we use to switch access. This should be
reasonably secure. DRM the same.
> If you don't need TTYs to prevent the non-seat0 session from reading input from
> the other non-seat0 session, the same as on seat0, then yeah, as I've been able
> to run and switch between two sessions on non-seat0 since I first tried it in
> 2017...
keypresses these days are read via the input subsystems, ttys are only
used for classic text logins at this point.
> One thing I did notice though is that (as far as leaking input)
>
> - if I run Display Servers on the secondary seat (one, or more than one)
> - On seat0, I chvt to a text-mode TTY
> - Continuing to use the secondary seat, all keyboard and mouse (gpm) input
> gets sent to the TTY (and the actual display server)
> - Switching back to a TTY with a display server, and the seats behave separate
> again
hmm, this smells like a bug, either in logind or in the kernel. can
you file an issue about this?
Lennart
--
Lennart Poettering, Berlin