On Thu, 2016-06-02 at 14:19 -0400, Paul Wouters wrote:
>
> On Jun 1, 2016, at 09:48, Lennart Poettering wrote:
>
> Any scheme that relies on unprivileged programs "being nice"
> doesn't
> fix the inherent security problem: after logout a user should not
> be
> able consume further runtime resources on the system, regardless if
> he
> does that because of a bug or on purpose.
You are redefining the meaning of (a graphical) logout. It simply
means another user can use the mouse,
keyboard and screen of this device. It makes no statement on whether
the machines resources are shared or not.
It allows you to kill anything that has to do with the user
controlling the screen, keyboard and mouse but the killing should be
limited to those processes. And then we are back at "just fix those
broken processes".
I think the discussion is starting to go in circles. It is pretty clear
that we have different opinions about the desired behavior of logout.