On Thu, 02.06.16 18:00, Sam Varshavchik (mr...@courier-mta.com) wrote:

> If an unprivileged program, like tmux, or screen, or nohup, can do whatever
> dbus/ibus thingy it needs to do in order to elevate itself to a new
> "session", and make arrangements to prevent itself from getting nuked from
> high orbit by KillUserProcesses, then the same thing can obviously be done
> by any other process. Like the same rogue spambot that's being discussed
> here. The rogue spambot in question can simply talk to systemd itself, and
> arrange for it not to be killed when the user logs out. Just like any other
> process. There goes the added "security" we were hoping to achieve,
> here.

Key here is that the life-cycle is enforced by privileged code, and
that this privileged code checks system policy (as in PolicyKit) when
deciding what to do. Yes, the default policy we ship is friendly, and
says that users can stick around if they want, via lingering, but key
here is that this policy check is done by privileged code, and stored
in privileged policy.

Lennart

-- 
Lennart Poettering, Red Hat
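
Added example, not part of the original message and not systemd's or Fedora's shipped policy: a polkit rule an administrator could install to tighten the friendly default for lingering described above. The logind action ids are real; the "wheel" policy, the file name and the Result fallback (so the rule can be exercised outside polkitd) are assumptions.

```javascript
// Polkit rule file, e.g. /etc/polkit-1/rules.d/49-linger.rules
// (file name is an assumption). The directory is root-owned and polkitd
// evaluates the rule, so an unprivileged process cannot change the outcome.

// Stand-in for polkit.Result when the file is loaded outside polkitd.
var Result = (typeof polkit !== "undefined")
    ? polkit.Result
    : { NO: "no", AUTH_ADMIN: "auth_admin" };

// logind actions that let a user's processes outlive the last logout.
var LINGER_ACTIONS = [
    "org.freedesktop.login1.set-self-linger",
    "org.freedesktop.login1.set-user-linger"
];

// Site policy (assumption): members of "wheel" may enable lingering after
// authenticating as an administrator; everyone else is refused.
function lingerPolicy(action, subject) {
    if (LINGER_ACTIONS.indexOf(action.id) === -1) {
        return undefined;   // not a linger request: leave it to other rules
    }
    if (subject.isInGroup("wheel")) {
        return Result.AUTH_ADMIN;
    }
    return Result.NO;
}

// Register with polkitd when running inside it.
if (typeof polkit !== "undefined") {
    polkit.addRule(lingerPolicy);
}
```

With this rule in place, `loginctl enable-linger` run by a non-wheel user is refused by logind.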