On Thu, 2009-06-18 at 20:53 +0100, Matthew Garrett wrote: > On Thu, Jun 18, 2009 at 07:09:29PM +0100, Richard W.M. Jones wrote: > > On Thu, Jun 18, 2009 at 11:02:22AM -0400, Matthias Clasen wrote: > > > The retained authorization is only valid for the subject that obtained > > > it, which will typically be a process (identified by process id and > > > start time) or a canonical bus name. And your malware does not have > > > either. > > > > Can the malware inject code into the process which gained the > > authentication (eg. using ptrace)? > > If you have malware in your session then it's already able to capture > your password. You've already effectively lost. Trusted path should prevent the malware from being able to steal your password, but it will take some time before we have that. Simo. -- Simo Sorce * Red Hat, Inc * New York -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
