On Jun 1, 2016 7:29 AM, "Tomasz Torcz" <tomek(a)pipebreaker.pl> wrote:
On Wed, Jun 01, 2016 at 10:04:27AM -0400, Dan Book wrote:
> >
> > Again, this isn't just work-arounds around broken programs. It's a
> > security thing. It's privileged code (logind, PID 1) that enforces a
> > clear life-cycle on unprivileged programs.
> >
> > Any scheme that relies on unprivileged programs "being nice"
doesn't
> > fix the inherent security problem: after logout a user should not be
> > able consume further runtime resources on the system, regardless if he
> > does that because of a bug or on purpose.
> >
> > Lennart
>
>
> That's your opinion, and while many sysadmins may share it, many will
not.
> Having this as an optional security feature would be fantastic.
Enforcing
> it by default on every user many of which use tmux, screen,
nohup, and
& to
> persist long running processes for daily work, is not something
to do
just
> because you think it is what people should do.
Just a little perspective – this isn't a new option. KillUserProcesses
functionality
seems to be added by
commit 202630822f52e06dce8404633407329c38099278
Date: Mon May 23 23:55:06 2011 +0200
Five years ago, so basically from day one. We have this optional
security feature – fantastic!
Also, the concept of a ”session” isn't anything new, it's core UNIX
concept (setsid() enyone?)
I think that programs needing special treatment should use operating
system's facilities to communicate that. So tmux, screen, nohup should
really open a new session. It's unfortunate that tmux author is hostile
against that, but maybe a clean, compile-time optional patch would
persuade
him?
You lost me. Tmux almost certainly *already* uses setsid(). The author is
hostile to adding a dbus dependency to tmux to tell systemd that it wants a
new session.
(I suspect that most terminal emulators also call setsid(), so this
approach wouldn't actually work.)
--Andy