Re: [RFC] Fast-user-switching plans

On Wed, 2010-06-09 at 16:28 -0700, Dan Williams wrote:
> I think it's clear that even if there are no user connections as such,
> that we still need secrets on a per-user basis for some connections.
> And that's not actually that hard to do, and we've got most of the code
> written for that already.

One more thought on that subject - not sure if it's a realistic concern
or not.

User secrets stored in gnome-keyring and equivalents are stored
securely, in such a way that no other user (even root) can readily [1]
obtain them. Can the same be done for user secrets stored at a system
level, i.e preventing a privileged user on one system from stealing
another user's credentials for a second system?

My viewpoint on this is our workstations at work, where practically
every developer has root access in order to do their job - that doesn't
mean they should be able to bring up a VPN link to my system at home.

[1] Yeah, I know that with enough work, a privileged user can get around
that, patching NM binaries, etc. But that's no reason to make it easy...


Attachment: signature.asc
Description: This is a digitally signed message part

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]