Re: gnome-user-share



On Sat, 2004-09-11 at 03:35 +0200, Carlos Garnacho wrote:
> On Fri, 2004-09-10 at 09:08 +0200, Alexander Larsson wrote:
> > 
> > Surely, you are not proposing to store the root password in gnome-
> > keyring? You might as well have no root password. gnome-keyring is an
> > API for requesting passwords for applications, so any app/virus/trojan
> > could ask for the root password and then break into your system.
> > Normally you get a dialog asking for permission first, but even that can
> > be bypassed by a clever person, as the root password is in readable
> > memory in one of your processes.
> 
> Holy crap! Then I'm glad that epiphany still doesn't use g-k, anyone
> could access their bank account through the internet and store the password
> there, or simply access their servers at work from home. My root
> password isn't valuable at all besides losing my money, job, etc...
> because of such weird use ;)
> 
> Thanks for pointing this out, though

Thus, you don't store the password or other secrets that you care much
about in any sort of password storage. That's why they're called
"secrets". Do you store the pin code for your visa card in your wallet?

epiphany uses the WalletService interface to store passwords instead of
gnome-keyring. This system, just like gnome-keyring, does store
passwords in memory and lets you get at them easily (that is after all
their purpose). I hope you don't store your internet banking password in
there, because if any webpage manages to somehow run code it'll be able
to read it. nsIWalletService is even scriptable, so you might be able to
access it from javascript if you can bypass some security checks.

Keychain managers are very useful in a time where we have hundreds of
passwords for various webpages and whatnot. You can easily create a
random password for some site, store it in the keyring and never have to
remember anything but the keychain password. This is much safer than
using the same password for everything, but you still have to take care
about the really important secrets.

gnome-keyring is secure on-disk, so once you're logged out or you've
locked the keyring it is hard to get at your stored passwords. However,
once you've unlocked the keyring they *are* stored unencrypted in
memory, so they are never completely secure.
 
> > I realize there is a need for a way for sysadmin style users to easily
> > set up "global shares", but I'm personally not very interested in this.
> 
> hmmm, sharing things in windows networks is "sysadmin stuff"? In my
> really humble opinion, we should provide some way to make gnome network
> friendly under as many circumstances as possible, in any work I've been
> before (and in any home with >2 computers with windows) there was a
> windows networking, and I don't expect this to change anytime soon.

I'm not saying setting up a global share should be difficult. I'm just
not very interested in it. And I don't think having to be root to do it
is all that bad, unless it's the only way to quickly share a file with a
friend. But it doesn't have to be, as I've shown.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Alexander Larsson                                            Red Hat, Inc 
                   alexl redhat com    alla lysator liu se 
He's a suave coffee-fuelled librarian fleeing from a secret government 
programme. She's a hard-bitten snooty widow from out of town. They fight 
crime! 



