Start new session...

Fri Oct 11 16:38:34 BST 2002

On Fri, Oct 11, 2002 at 01:41:12PM +0200, Thomas Zander wrote:
> but which questions do you think are answered in such a way that I
> propbably should have said 'ok' ?
> 
all :)
you should also write up an evaluation of every of my arguments, so we
know which ones you don't consider sufficient. ;)

your major concern seems to be the left over "simple self-nukability".
in your quotings you forgot this one:

----------------
On Thu, Oct 10, 2002 at 07:15:55PM +0200, Josef Weidendorfer wrote:
> There's a lot of complexity in this feature.
>
sure, but this complexity is not unique to this feature. i repeat
myself, but some people don't seem to understand: this is not a
completely new feature, it's only _one more_ way to exploit unix's
multi-user capabilities. particularily, you were able to have configured
multiple xservers at the same time from the beginngings of time. the
only new thing about this feature is, that new xservers are started
on-demand by kdm, as opposed to running all the time or being started
manually with "startx -- :[1|2|...]" from the command line.

> Did you already thought about "unique" applications, e.g. kmail,
> korganizer? [...]
>
this feature is in no way intended for logging in the same user several
times (although it won't prevent you from doing so). usually it's
plainly stupid to do so.

> > > > > > > When pressing 'shutdown' in kdm, is there a message?
> > > > > >
> > > > [...] so the bottom line is: most probably after 3.1. :(
> > >
> > > I don't think this is acceptable.
> >
> > i don't consider it a show-stopper. sure, it can be a major problem,
> > but hey, this is not the only way you can nuke yourself or somebody
> > else by accident.  i'll do my best anyway. ;)
>
> The problem is: You can nuke yourself or other people without knowing
> you did.
>
as you could before. you can nuke other manually started x-servers, you
can nuke vts you forgot to close and you can nuke other users that
logged into your machine remotely.
the only concern is, that i made it simpler for the "dummy" user to get
into this situation, so a generic solution is more urgent now.
-------------

even when i implement this safeguard in kdm, the user will still be able
to nuke himself _in that way_ (you know that many work as root or have
setuid root shutdown-utils).
the bottom line is, that i don't consider this inherent problem of
multi-user architectures a show-stopper for "my" feature. i can (and
will) make the situation better (by safeguarding the most prominent
place to shut down), but i simply can't fix it to 100%. so this problem
cannot be considered a show-stopper, as in the end it would mean to
remove any multi-user capabilities from unix for the sake of user's
safety.

greetings

-- 
Hi! I'm a .signature virus! Copy me into your ~/.signature, please!
--
Chaos, panic, and disorder - my work here is done.