Re: gnome-keyring enhancement proposal
- From: Sean Middleditch <elanthis awesomeplay com>
- To: "desktop-devel-list gnome org" <desktop-devel-list gnome org>
- Subject: Re: gnome-keyring enhancement proposal
- Date: Tue, 13 Apr 2004 14:30:57 -0400
On Tue, 2004-04-13 at 14:26, Erik Grinaker wrote:
> On Tue, 2004-04-13 at 16:34, Sean Middleditch wrote:
> > I don't particularly agree, because that still leaves a 10 minute window
> > for the problem when all a virus needs is a half second. (or less,
> > really.)
>
> When it comes to granting root privileges, security of course needs to
> be a primary concern - I'm just convinced there should be some way to
> solve this and still keep the system secure. But I may be totally off
> track here...
solve what? there isn't anything that really needs solving that isn't
already. you want to run a program with different or enhanced
privileges, ask for the passphrase, and don't even think about trying to
automate or hide it. which is mostly what we already have, except for
silly hacks like Red Hat's pam_timestamp thing. good and secure, isn't
done so often that it's really a bother (if you are consistently running
program after program as another user, there is something else wrong
with the system setup or your usage habits rather than with the security
design).
>
> In any case, it would at least be nice if one could easily start
> programs as other users, even if one had to re-enter the password every
> time. In that case this becomes completely unrelated to gnome-keyring,
> but still...
The question is, why are you trying to start programs as other users?
This shouldn't ever be needed. We use separate user accounts for a
reason. :)
The only case I can think of is user accounts, which distros take care
of using things like pam_console or kdesu/xsu, etc.
--
Sean Middleditch <elanthis awesomeplay com>
AwesomePlay Productions, Inc.
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
