[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SV: MATE 1.8 has now fully arrived in Debian

On Wed, 2014-06-25 at 17:38 +0100, Simon McVittie wrote:
> On 25/06/14 15:43, Svante Signell wrote:
> > Regarding mate desktop policykit-1 build-depends on libsystemd-login-dev
> > only for linux-any. What functionality is missing for other
> > architectures?
> The interesting dependency chain is:
> policykit-1 Depends libpam-systemd [linux-any] (degraded functionality
>                                                 on !linux)
> libpam-systemd Depends systemd (i.e. systemd binaries are installed)
> libpam-systemd Depends systemd-sysv (i.e. systemd is pid 1)
>                     or systemd-shim (i.e. systemd-logind runs, but
>                                           systemd is probably not pid 1)

So the dependencies tracks down to PID1 issues: systemd-sysv | systemd-shim

<text removed>
> Upstream developers in various projects increasingly oppose group-based
> access, because membership of many "desktop stuff" groups essentially
> means "can ssh in and do bad things to a local user". For instance,
> putting desktop users in group 'audio' or 'video' is no longer a
> requirement for access to sound cards on systems with systemd-logind (it
> hands out access using temporary ACLs instead) - which is just as well,
> because putting those users in a group with permanent rw access to the
> sound device or webcam would essentially mean they can ssh in while
> someone else is using a computer, and spy on what is said near it.

Couldn't this problems be solved by denying remote users desktop login,
only by tty, and the only way to get to the desktop is with startx?
(Maybe not so liked for a modern box??)

This is one of the best descriptions I've see in a long time, Thanks
Simon, no bashing, just facts :)

Reply to: