23 May
2012
23 May
'12
17:42
On Wed, May 23, 2012 at 4:05 AM, Andreas Jaegerwrote: > On Wednesday, May 23, 2012 01:16:29 Claudio Freire wrote: >> >> From personal experience, handling of external storage[0] in multiuser >> (and I mean multiple concurrent sessions) desktops is very poorly >> handled. >> >> It's probably more a bug than anything else, but I thought I'd mention >> since the wiki shows it as "OK" when it still could use some love. > > What exactly is the problem? Please describe in more detail. >From memory: * when an USB drive is inserted into a multi-session desktop, a popup will appear for all users. It should only appear to the active user - though I'm not sure there's an easy fix for that. * when a user mounts a drive, other users may be able to read that drive, but not write or unmount it. It's not *wrong* per-se, but it confounds and annoys newbies a great deal. * when a user logs out without unmounting the drive, it remains permanently mounted. Other users cannot unmount it, except with root privileges from the cli. Again, not-for-newbies(tm). >> It's also quite easy to leak out sensitive information (ie: even >> passwords) by inspecting uninitialized video memory, since drivers >> tend not to clear buffers on (de)allocation, so previous video content >> is easily visible in newly created buffers. This would be a serious >> security issue if *any* user were to be given access to the GPU in >> concurrency with any other user. >> >> Network access, also, needs some consideration for VPNs, which are >> rather common both in single-user laptops and enterprise environments. > > I consider that handled via NetworkManager for the single-user laptop, I'm assuming the comment applies to VPNs and not GPU leaks? I never succeeded in creating VPNs with NM. I haven't tried the latest NM versions though, it might have improved. I've sticked to vpnc-(dis)connect for a while now. Last time I tried, IIRC, it failed to create any kind of VPN without root access (whereas it works fine for wifi without root access), and the VPNs it created didn't actually work. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org