[Pkg-utopia-maintainers] Bug#780004: udisks2: rules for devices on this seat / other seat interact poorly with dbus-user-session
Simon McVittie
smcv at debian.org
Sun Mar 8 13:50:07 UTC 2015
On 07/03/15 23:43, Simon McVittie wrote:
> One possibility for fixing this would be to change the pseudocode to this:
>
> let device_seat = device->seat
>
> if (device_seat) {
> for session in requesting uid's active sessions {
> if session->seat && session->seat == device_seat {
> use a polkit rule like org.freedesktop.udisks2.filesystem-mount
> return
> }
> }
> }
>
> use a polkit rule like org.freedesktop.udisks2.filesystem-mount-other-seat
>
> with the justification that different sessions with the same uid do not
> really represent a security boundary.
Here is a possible patch. Not tagging it +patch just yet because I'd
like to get a second opinion on this before we commit to it as API,
either from a Debian maintainer or upstream (I'll talk to upstream about
it next week).
S
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Decide-whether-devices-are-on-the-same-seat-by-uid-n.patch
Type: text/x-patch
Size: 26119 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-utopia-maintainers/attachments/20150308/53f8ac0c/attachment-0001.bin>
More information about the Pkg-utopia-maintainers
mailing list