[LAD] [ANNOUNCE] Safe real-time on the desktop by default; Desktop/audio RT developers, read this!

Jörn Nettingsmeier nettings at folkwang-hochschule.de
Mon Jun 22 21:35:57 UTC 2009


Lennart Poettering wrote:
> On Mon, 22.06.09 09:33, Arnold Krille (arnold at arnoldarts.de) wrote:
> 
> 
> You practically cannot take group membership away from a user after
> you gave it to him, and also adding a seperate group for every tiny
> bit you need to authorize access to doesn't scale.

security is a matter of good design, not of "oh, look, he has become
evil, let's revoke his privileges" ad-hockery.

it should never be necessary to automatically revoke rights from users.
if i have to get rid of a misbehaving creature fast, "passwd -l villain"
in combination with "mv ~villain/.ssh /tmp" and a quick pkill fixes
things for me. and the very good part is that this decision is made by a
human, not by some imperial shitload of policy that caters to the needs
of some mythical desktop user.

your rtkit cannot protect against anything, you can just play policy
catch-up with evildoers forever. that's about the same level of security
that outgoing firewalls in windows provide - you depend on process names
and whatnot, and if i rename "Internet Explorer.exe" to "Windows
Update.exe", i'm free to do as i please (not quite, but you get the idea).
this is *not security*. this is theater. proper security sometimes
includes the wisdom that certain threats cannot be met without throwing
out the child with the bathwater. some daemon fiddling with rt privs at
runtime in my book qualifies as drowning the child first, then throwing
it out. maybe eating it afterwards, but i'm not sure.






More information about the Linux-audio-dev mailing list