Re: xscreensaver and ssh-agent

To: debian-devel@lists.debian.org
Subject: Re: xscreensaver and ssh-agent
From: Brian May <bam@debian.org>
Date: 27 Feb 2001 20:53:38 +1100
Message-id: <[🔎] 84n1b878pp.fsf@snoopy.apana.org.au>
In-reply-to: <[🔎] 20010227085726.B23973@blueberry.jellybean.co.uk>
References: <01022617270016.15887@lyta> <Pine.LNX.4.30.0102261037090.27703-100000@tennyson.netexpress.net> <20010226192613.A14535@innocent.com> <[🔎] 841ysl9gfl.fsf_-_@snoopy.apana.org.au> <[🔎] 20010227085726.B23973@blueberry.jellybean.co.uk>

>>>>> "Jules" == Jules Bean <jules@jellybean.co.uk> writes:

    Jules> Clever stuff, but people shouldn't get a false sense of
    Jules> security. This is damage limitation, at best. If someone
    Jules> has cracked root on your own machine, they can kidnap any
    Jules> running ssh connections (and so gain any privileges you
    Jules> have 'open') while the screensaver is on.

Depends on you how you work with your computer.

For instance, if I happen to be logged on to computer A while the
xscreensaver locks the computer, an attacker will not be able to log
on to computer B, C, or D. So damage is isolated to computer A.

However, an attacker could wait until you come back to your computer,
run ssh-agent, and then log into B, C, or D. So, depending on your
point of view, you could argue that this security measure is useless.

My opinion is that anything that helps get rid of your privileges, for
when they aren't being used, can only be a good thing, and the worst
problem it can cause is the time taken to get these privileges back
again.
-- 
Brian May <bam@debian.org>

Reply to:

References:
- Re: xscreensaver and ssh-agent
  - From: Brian May <bam@debian.org>
- Re: xscreensaver and ssh-agent
  - From: Jules Bean <jules@jellybean.co.uk>

Prev by Date: website translation (was: Well done on new devel pages)
Next by Date: Re: dpkg-scanlibs
Previous by thread: Re: xscreensaver and ssh-agent
Next by thread: Re: xscreensaver and ssh-agent
Index(es):
- Date
- Thread