On Wed, Jan 18, 2006 at 10:58:07AM -0500, Ryan Lortie wrote: > This is exactly the problem. In order for g-p-m to do its stuff we have > to add to HAL the ability for any user to say "suspend the system > now" (since g-p-m needs to do this and it's just running as a normal > user). If any user can say "suspend now" then I can be logged in as a > background user and play nasty tricks on the console user. HAL > currently has no mechanism for making a distinction between background > users and the user that currently 'controls' the machine.
I don't think hal's the right layer to make that distinction. I'm working on implementing it at the dbus level. This isn't something that's limited to power management, so hal is going to end up needing this functionality even if g-p-m turned into a system daemon. I'd argue that one well-audited mechanism for hal to execute privileged code is preferable to half a dozen small system daemons running as root and managing to duplicate each others bugs. -- Matthew Garrett | [EMAIL PROTECTED] _______________________________________________ desktop-devel-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/desktop-devel-list
