Re: gnome-keyring enhancement proposal
- From: "Manuel Amador (Rudd-O)" <amadorm usm edu ec>
- To: Erik Grinaker <erikg wired-networks net>
- Cc: "desktop-devel-list gnome org" <desktop-devel-list gnome org>
- Subject: Re: gnome-keyring enhancement proposal
- Date: Fri, 16 Apr 2004 19:41:10 -0400
See pam_timestamp. Those who want to have admin tools be run as root with a
single password for like ten minutes can use it.
Fedora comes with it included.
Quoting Erik Grinaker <erikg wired-networks net>:
> On Tue, 2004-04-13 at 16:34, Sean Middleditch wrote:
> > On Tue, 2004-04-13 at 10:23, Erik Grinaker wrote:
> >
> > > Yes, this would of course need to be weighed against security
> > > considerations - for example by using a timeout, so that once you enter
> >
> > I may be pedantic about this, but security always wins. We don't want
> > to do the Microsoft method of security - hide it away behind simplicity
> > - and screw users over. Something closer to Mac OS X approach to
> > security - make it *easy* but still there and working hard - would be
> > much more appropriate. Password dialogs for every administration tool
> > (which, honestly, are *not* that commonly run) are good things. We want
> > those dialogs to make sense, to explain what they're doing, why they're
> > doing it, provide tons of help, and of course reduce the need to run
> > things with enhanced privileges at all, but those actions still need to
> > keep the user in the loop and ensure that only actions the user
> > wants/need are done.
> >
> > > the root password, you can launch apps as root for ten minutes or
> > > something. You would still need to explicitly start programs as root,
> > > just don't re-enter the password.
> >
> > I don't particularly agree, because that still leaves a 10 minute window
> > for the problem when all a virus needs is a half second. (or less,
> > really.)
>
> When it comes to granting root privileges, security of course needs to
> be a primary concern - I'm just convinced there should be some way to
> solve this and still keep the system secure. But I may be totally off
> track here...
>
> In any case, it would at least be nice if one could easily start
> programs as other users, even if one had to re-enter the password every
> time. In that case this becomes completely unrelated to gnome-keyring,
> but still...
>
>
> --
> Erik Grinaker <erikg wired-networks net>
> http://erikg.wired-networks.net/
>
> "We act as though comfort and luxury were the chief requirements of
> life, when all that we need to make us happy is something to be
> enthusiastic about."
> -- Albert Einstein
>
> _______________________________________________
> desktop-devel-list mailing list
> desktop-devel-list gnome org
> http://mail.gnome.org/mailman/listinfo/desktop-devel-list
>
suerte,
Rudd-O
===========================================================
UNIVERSIDAD TECNICA FEDERICO SANTA MARIA
CAMPUS GUAYAQUIL
CENTRO DE SERVICIOS INFORMATICOS
Mail enviado a traves de IMP-USM: http://www.usm.edu.ec/imp
Los invitamos a visitar http://www.usm.edu.ec
===========================================================
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]