linuxaudio.org

Lennart Poettering wrote:

quoted text
> On Mon, 22.06.09 09:33, Arnold Krille (arnold@arnoldarts.de) wrote:

>

>

> You practically cannot take group membership away from a user after

> you gave it to him, and also adding a seperate group for every tiny

> bit you need to authorize access to doesn't scale.

security is a matter of good design, not of "oh, look, he has become

evil, let's revoke his privileges" ad-hockery.
it should never be necessary to automatically revoke rights from users.

if i have to get rid of a misbehaving creature fast, "passwd -l villain"

in combination with "mv ~villain/.ssh /tmp" and a quick pkill fixes

things for me. and the very good part is that this decision is made by a

human, not by some imperial shitload of policy that caters to the needs

of some mythical desktop user.
your rtkit cannot protect against anything, you can just play policy

catch-up with evildoers forever. that's about the same level of security

that outgoing firewalls in windows provide - you depend on process names

and whatnot, and if i rename "Internet Explorer.exe" to "Windows

Update.exe", i'm free to do as i please (not quite, but you get the idea).

this is *not security*. this is theater. proper security sometimes

includes the wisdom that certain threats cannot be met without throwing

out the child with the bathwater. some daemon fiddling with rt privs at

runtime in my book qualifies as drowning the child first, then throwing

it out. maybe eating it afterwards, but i'm not sure.
_______________________________________________

Linux-audio-dev mailing list

Linux-audio-dev@lists.linuxaudio.org

http://lists.linuxaudio.org/mailman/listinfo/linux-audio-dev