Re: [Xpert]Re: User-level Tasks in Hotplug Scripts?



Jim Gettys wrote:


We need a secure, interoperable way for configuration scripts running
as root to pop up configuration GUI's on user's servers, and we need it soon
(yesterday), as hot-plug is now a reality on Linux systems....

Handling this for the local case is first priority, but we should give some
thought about the possibility that the administrator's display is somewhere
else in the network (e.g. we're configuring a server system's hotplug event,
so the admin is elsewhere).



Is this really what "we" need?
Having stuff "pop up" when certain event occur is probably very nice in many situations, but there are good reasons to why this kind of stuff only happens in the windoze world. You need to, for example, ask yourself the following questions:

  Who is the "administrator"?
  What if there is no "administrator" logged in?
  What if there's several "administrators" logged in?
How to you distinguish interactive from non-interactive "administrator" logins?

 How do you even know if the "administrator" is running X?

  What happens if the "administrator" isn't running X?
  How do authenticate with the "administators" display?
  How do you know if the "administrators" X session is secure?
If it isn't, is it still appropriate to pop up a configuration GUI on the "administrators" display?

IMHO, interactive configuration needs to be explicitly invoked by the administrator whether or not we're talking about configuring hot-pluggable devices. Any configuration taking place when a hot-plug device becomes available needs to be non-interactive and should be limited to picking up a configuration prepared on beforehand or a default (secure) minimum configuration.

The way the current pcmcia configuration takes place is, IMHO, The right way.

By the way, please don't cross-post excessively like this...

--
Christer Palm




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]