On Wed, Jun 01, 2016 at 07:35:21AM -0700, Andrew Lutomirski wrote:
> On Jun 1, 2016 7:29 AM, "Tomasz Torcz"
> > On Wed, Jun 01, 2016 at 10:04:27AM -0400, Dan Book wrote:
> > > >
> > > > Again, this isn't just work-arounds around broken programs. It's
> > > > a security thing. It's privileged code (logind, PID 1) that enforces a
> > > > clear life-cycle on unprivileged programs.
> > > >
> > > > Any scheme that relies on unprivileged programs "being nice"
> > > > fix the inherent security problem: after logout a user should not be
> > > > able to consume further runtime resources on the system, regardless if he
> > > > does that because of a bug or on purpose.
> > > >
> > > > Lennart
> > > That's your opinion, and while many sysadmins may share it, many will
> > > Having this as an optional security feature would be fantastic.
> > > it by default on every user, many of whom use tmux, screen, nohup, and
> > > persist long running processes for daily work, is not something to do
> > > because you think it is what people should do.
> > Just a little perspective – this isn't a new option. KillUserProcesses
> > seems to have been added by
> > commit 202630822f52e06dce8404633407329c38099278
> > Date: Mon May 23 23:55:06 2011 +0200
> > Five years ago, so basically from day one. We have this optional
> > security feature – fantastic!
> > Also, the concept of a "session" isn't anything new, it's a core UNIX
> > concept (setsid() anyone?)
> > I think that programs needing special treatment should use the operating
> > system's facilities to communicate that. So tmux, screen, nohup should
> > really open a new session. It's unfortunate that the tmux author is hostile
> > to that, but maybe a clean, compile-time optional patch would
> You lost me. Tmux almost certainly *already* uses setsid(). The author is
> hostile to adding a dbus dependency to tmux to tell systemd that it wants a
> (I suspect that most terminal emulators also call setsid(), so this
> approach wouldn't actually work.)
That's kind of the point. It would be great to know what exactly needs to
be done by programs. Examples, examples, examples. Apparently setsid() is not enough.
Tomasz Torcz
xmpp: zdzichubg(a)chrome.pl
There exists no separation between gods and men:
one blends softly casual into the other.
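The thread above asks why setsid() is "not enough" to escape KillUserProcesses. The following is an added example, not code from the thread or from systemd or tmux: it forks a child, calls setsid() there, and compares the child's POSIX session id and its /proc/self/cgroup contents with the parent's. The cgroup is the grouping logind uses to track a login session and to kill it at logout, so a process that gets a new POSIX session but stays in the same cgroup is still inside the logind session. The function name setsid_keeps_cgroup and the return-code scheme are my own; the example assumes Linux with procfs mounted.

```c
/* Added example (not from the thread): setsid() gives the child a new POSIX
 * session but does not move it out of its cgroup, the unit that logind's
 * KillUserProcesses acts on. Linux only (reads /proc/self/cgroup). */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

#define CG_MAX 4096

/* Copy this process's /proc/self/cgroup contents into buf.
 * Returns the number of bytes read, 0 if the file is unavailable. */
static size_t read_cgroup(char *buf, size_t len)
{
    FILE *f = fopen("/proc/self/cgroup", "r");
    if (!f) {
        buf[0] = '\0';
        return 0;
    }
    size_t n = fread(buf, 1, len - 1, f);
    buf[n] = '\0';
    fclose(f);
    return n;
}

/* Fork a child that calls setsid() and compare its state with the parent's.
 * Returns 1 if the child's session id changed but its cgroup did not,
 *         2 if /proc/self/cgroup is unavailable and only the session id changed,
 *         0 if setsid() failed or the cgroup unexpectedly differs,
 *        -1 on pipe/fork/wait failure. */
int setsid_keeps_cgroup(void)
{
    char parent_cg[CG_MAX], child_cg[CG_MAX];
    size_t parent_n = read_cgroup(parent_cg, sizeof parent_cg);
    pid_t parent_sid = getsid(0);
    int fd[2];

    if (pipe(fd) < 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;

    if (pid == 0) {
        /* Child: a freshly forked process is never a process-group leader,
         * so setsid() succeeds and makes it the leader of a new session. */
        close(fd[0]);
        pid_t new_sid = setsid();
        int sid_changed = (new_sid != (pid_t)-1 && new_sid == getpid()
                           && new_sid != parent_sid);
        read_cgroup(child_cg, sizeof child_cg);
        char result;
        if (!sid_changed)
            result = 0;
        else if (parent_n == 0)
            result = 2;                 /* no procfs: session check only */
        else
            result = (strcmp(parent_cg, child_cg) == 0) ? 1 : 0;
        if (write(fd[1], &result, 1) < 0)
            _exit(1);
        _exit(0);
    }

    /* Parent: collect the child's verdict and reap it. */
    close(fd[1]);
    char result = 0;
    ssize_t got = read(fd[0], &result, 1);
    close(fd[0]);
    if (waitpid(pid, NULL, 0) < 0 || got != 1)
        return -1;
    return result;
}

int main(void)
{
    int r = setsid_keeps_cgroup();
    switch (r) {
    case 1:
        puts("new session id, same cgroup: setsid() alone stays in the logind session");
        break;
    case 2:
        puts("new session id; /proc/self/cgroup unavailable on this system");
        break;
    default:
        printf("unexpected result %d\n", r);
        break;
    }
    return r > 0 ? 0 : 1;
}
```

Run it as an ordinary user inside a logind session (for example from a terminal in a desktop or SSH login) and compare with `systemd-cgls`: the child reports a fresh session id yet the same `session-*.scope` cgroup path as its parent, which is why a tmux or screen that only calls setsid() is still killed when KillUserProcesses=yes and the session ends.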