Re: static gchar security

From: Michael Meeks <michael ximian com>
To: "Jason A. Pfeil" <pfeil 10east com>
Cc: Jacob Perkins <jap1 users sourceforge net>, gtk-app-devel-list <gtk-app-devel-list gnome org>, Gnome-Desktop-Devel Mailling List <desktop-devel-list gnome org>
Subject: Re: static gchar security
Date: 06 Nov 2002 09:10:53 +0000

On Tue, 2002-11-05 at 14:55, Jason A. Pfeil wrote:
> It would be *very* insecure.  Any root-level program could pick up that
> password very easily just by examining /dev/kmem.

	Argh ... why ? if root has been compromised - they can attach a
debugger to my ssh-agent, and use whatever method is used internally to
decrypt my internal un-locked private key - and then they are me ! [1]

	Worse - they can poke at all my private files.

	Trying to protect against 'root' is a madman's game - surely.

	Regards,

		Michael.

[1] - is your sense of identity inextricably bound to a large prime ?
-- 
 mmeeks gnu org  <><, Pseudo Engineer, itinerant idiot

References:
- static gchar security
  - From: Jacob Perkins
- Re: static gchar security
  - From: Jason A. Pfeil

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]