Re: security policy / root passwords

To: debian-devel@lists.debian.org
Subject: Re: security policy / root passwords
From: Simon McVittie <smcv@debian.org>
Date: Mon, 10 Jun 2013 15:51:31 +0100
Message-id: <[🔎] 51B5E7F3.2000101@debian.org>
In-reply-to: <[🔎] 8461xmt4ly.fsf@sauna.l.org>
References: <[🔎] 51B4B11E.8080701@pocock.com.au> <[🔎] 20130609172016.GB26067@nighthawk.chemicalconnection.dyndns.org> <[🔎] 20130610072118.GC26067@nighthawk.chemicalconnection.dyndns.org> <[🔎] 848v2izak6.fsf@sauna.l.org> <[🔎] CALiCqYZeNkTn=gdAjas2LRX=3LLjANejFNqX=Pss98nkMXWKtA@mail.gmail.com> <[🔎] 51B5B9B9.4080701@pocock.com.au> <[🔎] 51B5C2CA.70100@debian.org> <[🔎] 51B5CC89.3060306@pocock.com.au> <[🔎] 51B5D6CB.5080303@debian.org> <[🔎] 8461xmt4ly.fsf@sauna.l.org>

On 10/06/13 15:36, Timo Juhani Lindfors wrote:
> Simon McVittie <smcv@debian.org> writes:
>>     * ability to use system-modal prompting or a secure input path
>>       (partially done by PK under GNOME Shell, likely to get better
>>       under Wayland, not supported by sudo or su)
> 
> Not relevant to the current discussion but this got me curious: can the
> input path really be secure under X11?

It can at least be a bit more robust against accidentally typing your
password into the wrong window (although perhaps not secure against
deliberate abuse by a malicious application) by taking an input grab,
like the various pinentry-* and ssh-askpass implementations do.

I'm not sure how far GNOME Shell goes with securing input to
system-modal dialogs, but again, the fact that it's modal makes it a bit
more robust against mistakes.

    S

Reply to:

Follow-Ups:
- Re: security policy / root passwords
  - From: Daniel Pocock <daniel@pocock.com.au>

References:
- security policy / root passwords
  - From: Daniel Pocock <daniel@pocock.com.au>
- Re: security policy / root passwords
  - From: Michael Banck <mbanck@debian.org>
- Re: security policy / root passwords
  - From: Michael Banck <mbanck@debian.org>
- Re: security policy / root passwords
  - From: Timo Juhani Lindfors <timo.lindfors@iki.fi>
- Re: security policy / root passwords
  - From: Alexey Serikov <kompadre@gmail.com>
- Re: security policy / root passwords
  - From: Daniel Pocock <daniel@pocock.com.au>
- Re: security policy / root passwords
  - From: Simon McVittie <smcv@debian.org>
- Re: security policy / root passwords
  - From: Daniel Pocock <daniel@pocock.com.au>
- Re: security policy / root passwords
  - From: Simon McVittie <smcv@debian.org>
- Re: security policy / root passwords
  - From: Timo Juhani Lindfors <timo.lindfors@iki.fi>

Prev by Date: Re: Bug severity and private data disclosure
Next by Date: Bug#711870: ITP: fonts-sarai -- TrueType fonts for Devanagari script
Previous by thread: Re: security policy / root passwords
Next by thread: Re: security policy / root passwords
Index(es):
- Date
- Thread