Re: gnome-keyring enhancement proposal



On Tue, 2004-04-13 at 10:23, Erik Grinaker wrote:

> Yes, this would of course need to be weighed against security
> considerations - for example by using a timeout, so that once you enter

I may be pedantic about this, but security always wins.  We don't want
to do the Microsoft method of security - hide it away behind simplicity
- and screw users over.  Something closer to the Mac OS X approach to
security - make it *easy* but still there and working hard - would be
much more appropriate.  Password dialogs for every administration tool
(which, honestly, are *not* that commonly run) are good things.  We want
those dialogs to make sense, to explain what they're doing, why they're
doing it, provide tons of help, and of course reduce the need to run
things with enhanced privileges at all, but those actions still need to
keep the user in the loop and ensure that only actions the user
wants/needs are done.

> the root password, you can launch apps as root for ten minutes or
> something. You would still need to explicitly start programs as root,
> just don't re-enter the password.

I don't particularly agree, because that still leaves a 10 minute window
for the problem when all a virus needs is a half second.  (Or less,
really.)

> The root password probably shouldn't be stored in the keyring itself,
> but it would be nice to have a common system for handling this,
> gnome-keyring or something else, so any security issues and bugs can be
> handled in one place. I don't really see how this is more insecure than

Like, say, PAM?  ;-)

> opening a root-shell, which you may forget to log out of when you leave
> your computer to get more coffee or whatever.

The problem isn't someone else coming over to your computer.  The
problem is that malicious code, like a virus or some other app, will
then be able to launch/run commands as root without your knowledge or
intervention.  If launching said commands requires the password dialog
to always pop up (with a decent explanation about *why* it's popping up -
application X is trying to do Y) then it's a lot easier to not only stop
the virus from causing system damage, but also to figure out that you
have a virus to begin with.

> 
> Again, I haven't thought this through fully, but I just want to stir up
> a small discussion so that it at least is considered. Maybe a good
> solution might come out of it...
-- 
Sean Middleditch <elanthis awesomeplay com>
AwesomePlay Productions, Inc.



