Re: Proposal for inclusion in desktop: gnome-screensaver



On Wed, 2005-10-26 at 17:03, Rodney Dawes wrote:
> On Wed, 2005-10-26 at 16:54 +0200, Xavier Bestel wrote:
> > On Wed, 2005-10-26 at 16:44, Rodney Dawes wrote:
> > 
> > > 3. Unlocking the screen with the root password should do the same as
> > > choosing switch users, and logging in as root. Not doing so is a privacy
> > > and security issue, as it may allow root access to remote hosts, that
> > > root normally does not have access to.
> > 
> > Root has access to everything on a normal linux system.
> 
> Root on a local machine does not typically have access to all of my
> remote accounts. Root may be able to su - user, and have access to all
> my files, but not knowing my ssh key passphrase, he wouldn't have access
> to my ssh logins on remote hosts. On the other hand, with X, and
> ssh-agent, if he gains access to my session, he then has the access to
> those remote hosts, very trivially.

Root can gain access to your DISPLAY (~/.Xauthority), your tty, your env
vars, strace or gdb a process, etc. It can even simply kill the
screensaver. Or install keyloggers.
Bottom line: if you don't trust root, don't use the machine for
sensitive data.

	Xav





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]