KWallet integration

Daniel Stone daniel at fooishbar.org
Thu Sep 4 10:08:40 BST 2003


On Thu, Sep 04, 2003 at 10:56:04AM +0200, Martin Konold wrote:
> Am Thursday 04 September 2003 10:36 am schrieb Daniel Stone:
> > > In general adding extra "security" features which dont really work only
> > > provides people with a missleading impression about their security
> > > status.
> 
> > I'm afraid I have to disagree with you here. I leave my screen unlocked at
> > home and generally at work, but mainly because everyone in the office has
> > sudo access to all the machines anyway, and at home, there are a couple of
> > people with the root password.
> 
> > That does not, however, mean that I want everyone to be able to use my
> > GnuPG key
> 
> Your goal is impossible to be reached!
> 
> Everyone having root access to your machine is easily capable to steal your 
> passwords/idendentity without you even noticing. The Unix/Linux security 
> model simply provides _no_ means to be save from a malicious root.

Aside from the fact that I only keep my GnuPG key on a few trusted machines, and
could use SELinux and ACLs if I wanted to, the point remains the same. My GnuPG
key is password-protected with a strong password, anyhow; I really hope yours
is (if it isn't, I won't sign it, ever).

The issue at hand was slightly more generic, I was just making an example.
Encryption can defeat root.

Of course, if someone *really* wanted my identity, they'd hook a pair of
electrodes to my genitals, and get it out of me that way. If people are
involved, it's inherently insecure.

-- 
Daniel Stone                                              <daniel at fooishbar.org>
http://www.debian.org - http://www.kde.org - http://www.freedesktop.org
"Configurability is always the best choice when it's pretty simple to implement"
  -- Havoc Pennington, gnome-list
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 240 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20030904/9a4ed295/attachment.sig>


More information about the kde-core-devel mailing list