Posted Jul 17, 2009 17:29 UTC (Fri) by jsbarnes (guest, #4096)
In reply to: Rootless X by i3839
Parent article: Rootless X
Arjan has some ideas about it; having some sort of revoke syscall would make things easy. But now that X uses HAL for getting at input devices, we could use it instead. HAL could notify the server that its input devices have been unplugged at user switch time; any remaining users of the input device nodes after that would be assumed to be malicious and could be killed by simply looking at the list of processes associated with those files. Combine that with an ownership change, and the input part of user switching is solved.
I think we still need to work on the DRM master/auth scheme though, maybe allowing set/drop master to be an unprivileged call (only allowing one master of course).
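The "look at the list of processes associated with those files" step above is cheap to implement in userspace by resolving the `/proc/<pid>/fd/*` symlinks. The script below is an added illustration, not code from jsbarnes or from the X/HAL projects: it finds every process that still holds a given input node open and, after the node's ownership has been handed to the new seat owner, flags the holders whose UID no longer matches. It only reports; what to do with the leftovers is the policy question the comment is discussing. The `/proc` scan is the real mechanism; the `build_fake_proc` fixture and the PIDs, UIDs and device path in `demo()` are constructed so the example runs offline without root.

```python
import os
import tempfile
from pathlib import Path
from typing import Dict, List, Optional, Tuple


def read_uid(pid: int, proc_root: str = "/proc") -> Optional[int]:
    """Return the real UID of `pid` from <proc_root>/<pid>/status, or None if unreadable."""
    try:
        with open(os.path.join(proc_root, str(pid), "status")) as f:
            for line in f:
                if line.startswith("Uid:"):
                    # Format: "Uid:\t<real>\t<effective>\t<saved>\t<fs>"
                    return int(line.split()[1])
    except OSError:
        return None
    return None


def find_holders(device_path: str, proc_root: str = "/proc") -> List[int]:
    """PIDs that have `device_path` open, found by resolving <proc_root>/<pid>/fd/* symlinks.

    On a real system the link target carries a " (deleted)" suffix if the node was
    unlinked while open; an exact match is deliberate here so such cases are visible
    as a separate condition rather than silently treated as the live node.
    """
    holders = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        fd_dir = os.path.join(proc_root, entry, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:
            continue  # process exited, or we lack permission to inspect it
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:
                continue
            if target == device_path:
                holders.append(int(entry))
                break
    return sorted(holders)


def stale_holders(device_path: str, new_owner_uid: int, proc_root: str = "/proc") -> List[int]:
    """After the node has been chowned to `new_owner_uid`, any holder running as
    a different real UID belongs to the previous session and is reported as stale."""
    return [pid for pid in find_holders(device_path, proc_root)
            if read_uid(pid, proc_root) != new_owner_uid]


def build_fake_proc(root: str, procs: Dict[int, Tuple[int, List[str]]]) -> None:
    """Constructed test fixture: lay out a minimal /proc look-alike from {pid: (uid, [open paths])}."""
    for pid, (uid, paths) in procs.items():
        fd_dir = Path(root, str(pid), "fd")
        fd_dir.mkdir(parents=True)
        Path(root, str(pid), "status").write_text(
            f"Name:\tdemo\nUid:\t{uid}\t{uid}\t{uid}\t{uid}\n")
        for i, path in enumerate(paths):
            os.symlink(path, fd_dir / str(3 + i))  # fds 0-2 left out, as in a daemon


def demo() -> List[int]:
    """Constructed scenario: the seat is handed from uid 1000 to uid 1001 and
    /dev/input/event0 has been chowned to 1001. Which processes still hold it?"""
    with tempfile.TemporaryDirectory() as root:
        build_fake_proc(root, {
            1234: (1000, ["/dev/input/event0", "/dev/null"]),  # old session, still reading input
            2345: (1001, ["/dev/input/event0"]),               # new session, legitimate holder
            3456: (1000, ["/dev/null"]),                       # old session, not touching input
        })
        return stale_holders("/dev/input/event0", new_owner_uid=1001, proc_root=root)


if __name__ == "__main__":
    print(demo())  # [1234]
```

Against a live system, call `stale_holders("/dev/input/event0", <uid>)` with the default `proc_root`; it needs to run as root (or with `CAP_SYS_PTRACE`) to read other users' `/proc/<pid>/fd`, which is exactly why the comment places this logic in a privileged helper rather than in the X server itself.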