Lennart Poettering wrote: > On Mon, 22.06.09 09:33, Arnold Krille (arn...@arnoldarts.de) wrote: > > > You practically cannot take group membership away from a user after > you gave it to him, and also adding a seperate group for every tiny > bit you need to authorize access to doesn't scale.
security is a matter of good design, not of "oh, look, he has become evil, let's revoke his privileges" ad-hockery. it should never be necessary to automatically revoke rights from users. if i have to get rid of a misbehaving creature fast, "passwd -l villain" in combination with "mv ~villain/.ssh /tmp" and a quick pkill fixes things for me. and the very good part is that this decision is made by a human, not by some imperial shitload of policy that caters to the needs of some mythical desktop user. your rtkit cannot protect against anything, you can just play policy catch-up with evildoers forever. that's about the same level of security that outgoing firewalls in windows provide - you depend on process names and whatnot, and if i rename "Internet Explorer.exe" to "Windows Update.exe", i'm free to do as i please (not quite, but you get the idea). this is *not security*. this is theater. proper security sometimes includes the wisdom that certain threats cannot be met without throwing out the child with the bathwater. some daemon fiddling with rt privs at runtime in my book qualifies as drowning the child first, then throwing it out. maybe eating it afterwards, but i'm not sure. _______________________________________________ Linux-audio-dev mailing list Linux-audio-dev@lists.linuxaudio.org http://lists.linuxaudio.org/mailman/listinfo/linux-audio-dev
