Re: Current network-password-saving feature needs improvement.

On Fri, 2002-07-19 at 18:02, desktop-devel-list-request gnome org wrote:
> 	Please stop this guff. Root can do anything; they can snapshot all the
> core memory, swap - if they're lucky fire up a debugger, and invoke the
> "trivial_demangle_password" method, on whatever piece of memory it's
> stored in.

These things all require time, devotion and skill to do. Retrieving the
gconf-stored password of _every_ user on the system is trivially
scriptable, an attacker would only need a very small window of time to
aqquire passwords for a potentially very large number of mail and proxy

I agree in principle to the notion that you if you don't trust root,
stay away from the system. root is the lizard king, he can do anything.
But one should remember that in a few unfortunate cases, root might
happen to be a 14-year old with some neat scripts and too much spare
time. Getting hold of sensitive information should not be trivial.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]