registry team mailing list archive

Thread
Date
[Bug 37181] Re: at_console does not adapt to console changes

To: registry@xxxxxxxxxxxxxxxxxxx
From: Bug Watch Updater <37181@xxxxxxxxxxxxxxxxxx>
Date: Tue, 14 Sep 2010 03:36:55 -0000
Reply-to: Bug 37181 <37181@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
Launchpad has imported 3 comments from the remote bug at
http://bugs.freedesktop.org/show_bug.cgi?id=9327.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.

------------------------------------------------------------------------
On 2006-12-13T04:39:46+00:00 Martin Pitt wrote:

Currently, at_console="true" matches users on a physically local console, and
programs like gnome-volume-manager, gnome-power-manager etc. make heavy use of it.

While this is a good concept for things like avahi, where resources do not
compete on each other, it is not sufficient for nm-applet or
gnome-volume-manager, where concurrent access from multiple users do compete.

Therefore, in Ubuntu we added patches to gnome-volume-manager,
gnome-power-manager, etc. to not issue dbus calls if their console is not the
currently active one (on the foreground). Thus, if two people are logged into
the box (user switching), this avoids the race condition 'who will get ownership
of the plugged in USB stick' or 'inactive user's gpm issues a suspend, and the
active user gets totally surprised by that'.

However, checking for this in the particular apps is not only tedious, but also
wrong from a security perspective; the dbus calls will still work.

To solve this cleanly, I propose a new policy type at_console="foreground", or
foreground_console="yes", or similar.

Reply at: https://bugs.launchpad.net/dbus/+bug/37181/comments/12

------------------------------------------------------------------------
On 2006-12-13T04:40:41+00:00 Martin Pitt wrote:

Created an attachment (id=8089)
broken attempt to implement this

In Ubuntu we experimented with a patch that uses libpam-foreground to
implement this policy (unfortunately we didn't rename the option, but
kept it as at_console, since by that time we did not have an use case
for upstream's semantics; now with avahi we do). Unfortunately it does
not work because dbus resolves the policy statically, so
changes of the foreground console are not respected. But maybe
it has some bits you can recycle.

Reply at: https://bugs.launchpad.net/dbus/+bug/37181/comments/13

------------------------------------------------------------------------
On 2007-10-09T12:56:28+00:00 Johnp-redhat wrote:

Upstream GNOME is working with PolicyKit to correctly resolve multi user
policy.  I suspect we will deprecate at_console for this method of
access control.

Reply at: https://bugs.launchpad.net/dbus/+bug/37181/comments/17


** Changed in: dbus
   Importance: Unknown => Medium

-- 
at_console does not adapt to console changes
https://bugs.launchpad.net/bugs/37181
You received this bug notification because you are a member of Registry
Administrators, which is the registrant for D-Bus.