Re: Proposal for inclusion in desktop: gnome-screensaver
- From: Xavier Bestel <xavier bestel free fr>
- To: Rodney Dawes <dobey novell com>
- Cc: release-team gnome org, William Jon McCann <mccann jhu edu>, JP Rosevear <jpr novell com>, desktop-devel-list gnome org
- Subject: Re: Proposal for inclusion in desktop: gnome-screensaver
- Date: Wed, 26 Oct 2005 17:15:47 +0200
On Wed, 2005-10-26 at 17:03, Rodney Dawes wrote:
> On Wed, 2005-10-26 at 16:54 +0200, Xavier Bestel wrote:
> > On Wed, 2005-10-26 at 16:44, Rodney Dawes wrote:
> >
> > > 3. Unlocking the screen with the root password should do the same as
> > > choosing switch users, and logging in as root. Not doing so is a privacy
> > > and security issue, as it may allow root access to remote hosts, that
> > > root normally does not have access to.
> >
> > Root has access to everything on a normal linux system.
>
> Root on a local machine does not typically have access to all of my
> remote accounts. Root may be able to su - user, and have access to all
> my files, but not knowing my ssh key passphrase, he wouldn't have access
> to my ssh logins on remote hosts. On the other hand, with X, and
> ssh-agent, if he gains access to my session, he then has the access to
> those remote hosts, very trivially.
Root can gain access to your DISPLAY (~/.Xauthority), your tty, your env
vars, strace or gdb a process, etc. It can even simply kill the
screensaver. Or install keyloggers.
Bottom line: if you don't trust root, don't use the machine for
sensitive data.
Xav
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
