Kjetil Svalastog Matheussen <k.s.matheussen(a)notam02.no> writes:
> What about this one:
> (4) Let the user that is currently physically logged in to the machine
> get realtime privileges.
Good idea.
I don't know enough about the 2.6 security model to say how one might
go about implementing that.
In some ways this reminds me of the "Secure Attention Key" specified
by the DoD Orange Book for secure systems. The Linux kernel has an
SAK of sorts (see Documentation/SAK.txt in the kernel sources). This
rather cumbersome idea is intended to defeat Trojan horse attacks such
as putting up a fake login screen to steal passwords. The SAK kills
any process attached to the terminal (/dev/console in this case), and
then starts a known trusted application to which the user must
authenticate himself.
This seems overkill for implementing your idea, but something along
those lines would probably work, I suppose. I presume that the
SELinux people have come up with solutions for these problems that
work within the 2.6 security module scheme.
It does seem difficult within the context of X11 to prove that a user
is actually local to the machine. Some people may want to cluster
audio systems on a LAN somehow, so that restriction may not always be
appropriate.
Careful system administration can probably ensure that only a small
group of users are authorized to log in. One of the things I like
about the `audio' group approach is that it is easy to administer and
simple to verify who has access to those privileges.
--
joq
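The "simple to verify who has access" property of the `audio' group approach can be checked mechanically. The script below is an added example, not code from this thread or from any project discussed in it; it lists every account that holds membership in a named group (default `audio`), whether through a supplementary entry in the group file or through the primary GID in the passwd file. It assumes standard `/etc/passwd` and `/etc/group` formats and takes the file paths as parameters, so it can be pointed at the real files or at the constructed sample files it writes for demonstration.

```shell
#!/bin/sh
# Added example (not part of the original thread): enumerate the accounts that
# carry the privileges attached to a group such as `audio'.
# Usage: audio_group_members <passwd-file> <group-file> [group-name]
audio_group_members() {
    passwd_file="$1"
    group_file="$2"
    group_name="${3:-audio}"

    # GID of the group; fail if the group does not exist.
    gid=$(awk -F: -v g="$group_name" '$1 == g { print $3 }' "$group_file")
    [ -n "$gid" ] || return 1

    {
        # Supplementary members: fourth field of the group entry, comma-separated.
        awk -F: -v g="$group_name" \
            '$1 == g && $4 != "" { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' \
            "$group_file"
        # Primary-group members: accounts whose passwd GID equals the group GID.
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file"
    } | sort -u
}

# Constructed sample files (hypothetical accounts, not from any real system).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/sh
bob:x:1001:1001:Bob:/home/bob:/bin/sh
carol:x:1002:29:Carol:/home/carol:/bin/sh
dave:x:1003:1003:Dave:/home/dave:/bin/sh
EOF
cat > "$SAMPLE_DIR/group" <<'EOF'
root:x:0:
audio:x:29:alice,bob
users:x:100:
EOF

# Run against the constructed files: carol is a member via her primary GID 29,
# alice and bob via the supplementary member list.
audio_group_members "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/group"
```

Running it against `/etc/passwd` and `/etc/group` on a real machine gives the complete list of accounts that hold the group's privileges, which is the audit an administrator would want to repeat whenever membership changes.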