Re: static gchar security

On Tue, 2002-11-05 at 14:55, Jason A. Pfeil wrote:
It would be *very* insecure.  Any root-level program could pick up that
password very easily just by examining /dev/kmem.

        Argh ... why ? if root has been compromised - they can attach a
debugger to my ssh-agent, and use whatever method is used internally to
decrypt my internal un-locked private key - and then they are me ! [1]

        Worse - they can poke at all my private files.

        Trying to protect against 'root' is a madman's game - surely.



[1] - is your sense of identity inextricably bound to a large prime ?
 mmeeks gnu org  <><, Pseudo Engineer, itinerant idiot

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]