Re: gnome-keyring enhancement proposal



On Tue, 2004-04-13 at 09:45, Erik Grinaker wrote:
> On Tue, 2004-04-13 at 14:39, Alexander Larsson wrote:

> > This isn't really related to gnome-keyring as such. Its just an
> > encrypted store for secrets that apps can integrate with as they see
> > fit.
> 
> True, this is more of a fluffy "this-would-be-kinda-cool" thing. But if
> you run a program as root, gnome-keyring should be able to remember the
> root password so that it's not necessary to re-enter it to run a
> different program as root. This is perhaps possible already, as it's
> just another secret which can be stored in gnome-keyring.

This is actually a very bad idea.  You want to require users to re-enter
a password for running administration tasks.  If they can just enter the
root password once (and maybe decrypt the keychain once per session)
then any virus/malicious-app can just start calling the commands to
launch programs as root.  You basically make the user the root account
permanently.  Very bad idea.

And really, systems should be moving away from the root password
entirely towards more sudo-ish types of operation, where the user enters
their *own* password and the tool/command runs if they have privilege. 
In this case, again, we *do not* want the account password stored in the
keyring, ever, because the purpose of asking for the password is to
verify that the user is really the user (by requiring verifiable user
input).
-- 
Sean Middleditch <elanthis awesomeplay com>
AwesomePlay Productions, Inc.




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]