On Sun, Jan 31, 2010 at 10:08:01AM -0700, Matthew Wilcox wrote:

On Sat, Jan 30, 2010 at 11:13:07PM -0800, Dmitry Torokhov wrote:

quoted

quoted

Yes, that's right.  I didn't quite go far enough in my explanation
above ...  the X server can look around the system to see what trusted
daemons (running as either root or the same user as the one running X)
currently have the device open, and notify the user if there's additional
openers that it isn't expecting.

Then it will be constant race between X and the rest of the world with X
pretty much always behind. Kind of like SELinux - as soon as try moving
left or right the thing starts screaming at you...

Only if it's done badly (eg whitelisting HAL and Devkit).  The algorithm
I proposed above (allow anything owned by root, and anything owned by
the same user that is running X) should be secure, and futureproof.
Ultimately, it's up to the distro to get this right.

Ah, OK then. Well, I don't think that we need any special support from
kernel then. If users could create device nodes on their own we'd be in
trouble right now, but since they can't by default we should be good.

-- 
Dmitry