Re: Proposal for inclusion in desktop: gnome-screensaver



On Wed, 2005-10-26 at 17:15 +0200, Xavier Bestel wrote:
> On Wed, 2005-10-26 at 17:03, Rodney Dawes wrote:
> > On Wed, 2005-10-26 at 16:54 +0200, Xavier Bestel wrote:
> > > On Wed, 2005-10-26 at 16:44, Rodney Dawes wrote:
> > > 
> > > > 3. Unlocking the screen with the root password should do the same as
> > > > choosing switch users, and logging in as root. Not doing so is a privacy
> > > > and security issue, as it may allow root access to remote hosts, that
> > > > root normally does not have access to.
> > > 
> > > Root has access to everything on a normal linux system.
> > 
> > Root on a local machine does not typically have access to all of my
> > remote accounts. Root may be able to su - user, and have access to all
> > my files, but not knowing my ssh key passphrase, he wouldn't have access
> > to my ssh logins on remote hosts. On the other hand, with X, and
> > ssh-agent, if he gains access to my session, he then has the access to
> > those remote hosts, very trivially.
> 
> Root can gain access to your DISPLAY (~/.Xauthority), your tty, your env
> vars, strace or gdb a process, etc. It can even simply kill the
> screensaver. Or install keyloggers.
> Bottom line: if you don't trust root, don't use the machine for
> sensitive data.

If someone has physical access to the machine, they can just unplug it
and walk out the door too. Doesn't mean that our software should promote
lack of privacy. If that's the case, let's just drop the screensaver
totally. What's the point if anyone can just get the data anyway?

-- dobey




