Re: static gchar security
- From: Michael Meeks <michael ximian com>
- To: "Jason A. Pfeil" <pfeil 10east com>
- Cc: Jacob Perkins <jap1 users sourceforge net>, gtk-app-devel-list <gtk-app-devel-list gnome org>, Gnome-Desktop-Devel Mailling List <desktop-devel-list gnome org>
- Subject: Re: static gchar security
- Date: 06 Nov 2002 09:10:53 +0000
On Tue, 2002-11-05 at 14:55, Jason A. Pfeil wrote:
It would be *very* insecure. Any root-level program could pick up that
password very easily just by examining /dev/kmem.
Argh ... why ? if root has been compromised - they can attach a
debugger to my ssh-agent, and use whatever method is used internally to
decrypt my internal un-locked private key - and then they are me ! 
Worse - they can poke at all my private files.
Trying to protect against 'root' is a madman's game - surely.
 - is your sense of identity inextricably bound to a large prime ?
mmeeks gnu org <><, Pseudo Engineer, itinerant idiot
] [Thread Prev