Re: gnome-keyring enhancement proposal
- From: Erik Grinaker <erikg wired-networks net>
- To: "desktop-devel-list gnome org" <desktop-devel-list gnome org>
- Subject: Re: gnome-keyring enhancement proposal
- Date: Tue, 13 Apr 2004 16:23:53 +0200
On Tue, 2004-04-13 at 16:02, Sean Middleditch wrote:
> On Tue, 2004-04-13 at 09:45, Erik Grinaker wrote:
> > True, this is more of a fluffy "this-would-be-kinda-cool" thing. But if
> > you run a program as root, gnome-keyring should be able to remember the
> > root password so that it's not necessary to re-enter it to run a
> > different program as root. This is perhaps possible already, as it's
> > just another secret which can be stored in gnome-keyring.
>
> This is actually a very bad idea. You want to require users to re-enter
> a password for running administration tasks. If they can just enter the
> root password once (and maybe decrypt the keychain once per session)
> then any virus/malicious-app can just start calling the commands to
> launch programs as root. You basically make the user the root account
> permanently. Very bad idea.
>
> And really, systems should be moving away from the root password
> entirely towards more sudo-ish types of operation, where the user enters
> their *own* password and the tool/command runs if they have privilege.
> In this case, again, we *do not* want the account password stored in the
> keyring, ever, because the purpose of asking for the password is to
> verify that the user is really the user (by requiring verifiable user
> input).

Yes, this would of course need to be weighed against security
considerations - for example by using a timeout, so that once you enter
the root password, you can launch apps as root for ten minutes or
something. You would still need to explicitly start programs as root,
just don't re-enter the password.

The root password probably shouldn't be stored in the keyring itself,
but it would be nice to have a common system for handling this,
gnome-keyring or something else, so any security issues and bugs can be
handled in one place. I don't really see how this is more insecure than
opening a root-shell, which you may forget to log out of when you leave
your computer to get more coffee or whatever.

Again, I haven't thought this through fully, but I just want to stir up
a small discussion so that it at least is considered. Maybe a good
solution might come out of it...

--
Erik Grinaker <erikg wired-networks net>
http://erikg.wired-networks.net/
"We act as though comfort and luxury were the chief requirements of
life, when all that we need to make us happy is something to be
enthusiastic about."
-- Albert Einstein
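
The time-limited approach floated in this message, sketched as an added example (not part of the original post and not gnome-keyring code): the cache keeps only an expiry time per user and session, never the password. `GrantCache`, `sample_verify`, `demo` and the sample account are hypothetical names constructed for illustration.

```python
import hashlib
import hmac
import time


class GrantCache:
    """Remembers that a user authenticated recently, never the password."""

    def __init__(self, verify, ttl=600.0, clock=time.monotonic):
        self._verify = verify   # callable(user, password) -> bool
        self._ttl = ttl         # seconds; 600 is the ten minutes floated above
        self._clock = clock     # monotonic, so wall-clock changes cannot extend it
        self._expiry = {}       # (user, session) -> expiry time, nothing else

    def authorize(self, user, session, prompt):
        """Return True if a privileged action may run, prompting only if needed."""
        key, now = (user, session), self._clock()
        expiry = self._expiry.pop(key, None)
        if expiry is not None and now < expiry:
            self._expiry[key] = expiry        # still fresh: keep it, no prompt
            return True
        if not self._verify(user, prompt()):  # prompt() needs real user input
            return False
        self._expiry[key] = now + self._ttl   # store a time, not the secret
        return True

    def revoke(self, user, session):
        """Drop the grant early, e.g. on screen lock or logout."""
        self._expiry.pop((user, session), None)


# Constructed sample account; salt and password are made up for the example.
_SALT = b"constructed-salt"
_HASHES = {"alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, 100_000)}


def sample_verify(user, password):
    """Hypothetical verifier standing in for PAM or similar."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)
    return hmac.compare_digest(_HASHES.get(user, b""), candidate)


def demo():
    now, prompts = [0.0], []  # fake clock, and the times a prompt was shown
    ask = lambda: prompts.append(now[0]) or "correct horse"
    cache = GrantCache(sample_verify, clock=lambda: now[0])
    results = []
    for t, session in [(0, "tty1"), (300, "tty1"), (300, "tty2"), (601, "tty1")]:
        now[0] = float(t)
        results.append(cache.authorize("alice", session, ask))
    return results, prompts
```

Within the window, any process that can reach the cache for that session is authorized without user input, which is the trade-off raised in the quoted reply. Session scoping and `revoke` only narrow that window.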