On Wednesday, May 23, 2012 14:42:18 Claudio Freire wrote:
On Wed, May 23, 2012 at 4:05 AM, Andreas Jaeger
wrote: On Wednesday, May 23, 2012 01:16:29 Claudio Freire wrote:
From personal experience, handling of external storage[0] in multiuser (and I mean multiple concurrent sessions) desktops is very poorly handled.
It's probably more a bug than anything else, but I thought I'd mention since the wiki shows it as "OK" when it still could use some love.> What exactly is the problem? Please describe in more detail.
From memory: * when an USB drive is inserted into a multi-session desktop, a popup will appear for all users. It should only appear to the active user - though I'm not sure there's an easy fix for that. * when a user mounts a drive, other users may be able to read that drive, but not write or unmount it. It's not *wrong* per-se, but it confounds and annoys newbies a great deal. * when a user logs out without unmounting the drive, it remains permanently mounted. Other users cannot unmount it, except with root privileges from the cli. Again, not-for-newbies(tm).
I see - the multiseat setup is something we didn't have in mind when discussing. Could you enhance the wiki page a bit for that, please?
It's also quite easy to leak out sensitive information (ie: even passwords) by inspecting uninitialized video memory, since drivers tend not to clear buffers on (de)allocation, so previous video content is easily visible in newly created buffers. This would be a serious security issue if *any* user were to be given access to the GPU in concurrency with any other user.
Network access, also, needs some consideration for VPNs, which are rather common both in single-user laptops and enterprise environments.> I consider that handled via NetworkManager for the single-user laptop, I'm assuming the comment applies to VPNs and not GPU leaks?
Yes, correct. I'm only talking about VPNs
I never succeeded in creating VPNs with NM. I haven't tried the latest NM versions though, it might have improved. I've sticked to vpnc-(dis)connect for a while now. Last time I tried, IIRC, it failed to create any kind of VPN without root access (whereas it works fine for wifi without root access), and the VPNs it created didn't actually work.
It worked fine for me last time I tried with openvpn but I don't remember whether I needed the root password or not, Andreas -- Andreas Jaeger aj@{suse.com,opensuse.org} Twitter/Identica: jaegerandi SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Jeff Hawn,Jennifer Guild,Felix Imendörffer,HRB16746 (AG Nürnberg) GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org