Re: Proposal for inclusion in desktop: gnome-screensaver

From: Rodney Dawes <dobey novell com>
To: Xavier Bestel <xavier bestel free fr>
Cc: release-team gnome org, William Jon McCann <mccann jhu edu>, JP Rosevear <jpr novell com>, desktop-devel-list gnome org
Subject: Re: Proposal for inclusion in desktop: gnome-screensaver
Date: Wed, 26 Oct 2005 11:03:33 -0400

On Wed, 2005-10-26 at 16:54 +0200, Xavier Bestel wrote:
> On Wed, 2005-10-26 at 16:44, Rodney Dawes wrote:
> 
> > 3. Unlocking the screen with the root password should do the same as
> > choosing switch users, and logging in as root. Not doing so is a privacy
> > and security issue, as it may allow root access to remote hosts, that
> > root normally does not have access to.
> 
> Root has access to everything on a normal linux system.

Root on a local machine does not typically have access to all of my
remote accounts. Root may be able to su - user, and have access to all
my files, but not knowing my ssh key passphrase, he wouldn't have access
to my ssh logins on remote hosts. On the other hand, with X, and
ssh-agent, if he gains access to my session, he then has the access to
those remote hosts, very trivially.

And no, the answer to this is not "do not use ssh-agent".

-- dobey

Follow-Ups:
- Re: Proposal for inclusion in desktop: gnome-screensaver
  - From: Xavier Bestel

References:
- Proposal for inclusion in desktop: gnome-screensaver
  - From: William Jon McCann
- Re: Proposal for inclusion in desktop: gnome-screensaver
  - From: JP Rosevear
- Re: Proposal for inclusion in desktop: gnome-screensaver
  - From: Rodney Dawes
- Re: Proposal for inclusion in desktop: gnome-screensaver
  - From: Xavier Bestel

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]