> Date: Wed, 1 Jun 2016 15:48:04 +0200 > From: Lennart Poettering <mzerq...@0pointer.de> > Subject: Re: systemd 230 change - KillUserProcesses defaults to yes > To: Development discussions related to Fedora > <devel@lists.fedoraproject.org> > Message-ID: <20160601134804.GB21606@gardel-login> > Content-Type: text/plain; charset=us-ascii > > On Wed, 01.06.16 12:19, Howard Chu (h...@symas.com) wrote: > > > This is still looking at the problem back-asswards. The problem isn't that > > screen and tmux are special cases. The problem is that some handful of > > programs that got spawned in a GUI desktop environment are special cases, > > not exiting when they should. > > > > Fix the broken programs, don't force every well-behaved program in the > > universe to change to accommodate your broken GUI environment. This is > > Programming 101. > > Again, this isn't just work-arounds around broken programs. It's a > security thing. It's privileged code (logind, PID 1) that enforces a > clear life-cycle on unprivileged programs. > > Any scheme that relies on unprivileged programs "being nice" doesn't > fix the inherent security problem: after logout a user should not be > able consume further runtime resources on the system, regardless if he > does that because of a bug or on purpose. >
Sure, having this as an option to be enabled in specific situations is nice, but, it ignores how Linux is admined and used in the real world 90% of the time. If you're going to enable this by default, you enable something that may be needed 10% of the time but break the other 90% of use cases. A sane default does not break the majority use. John. -- devel mailing list devel@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
