Re: [desktop]ÂÂ Real users experience.

To: Craig Dickson <crdic@pacbell.net>
Cc: debian-devel@lists.debian.org
Subject: Re: [desktop]ÂÂ Real users experience.
From: Daniel Burrows <dnb114@psu.edu>
Date: Mon, 28 Oct 2002 20:01:31 -0500
Message-id: <[🔎] 20021029010131.GB3892@torrent.burrows.local>
Mail-followup-to: Daniel Burrows <dnb114@psu.edu>, Craig Dickson <crdic@pacbell.net>, debian-devel@lists.debian.org
In-reply-to: <[🔎] 20021028161213.GA5172@linux700.localnet>
References: <[🔎] 20021025150423.GI25546@reypastor.hispalinux.es> <[🔎] 20021026153250.GA3682@cs140102.pp.htv.fi> <[🔎] 1035657250.31142.6.camel@space-ghost> <[🔎] 20021028140017.GA2480@torrent.burrows.local> <[🔎] 20021028141308.GA1981@linux700.localnet> <[🔎] 1035816995.8682.12.camel@space-ghost> <[🔎] 20021028161213.GA5172@linux700.localnet>

On Mon, Oct 28, 2002 at 08:12:13AM -0800, Craig Dickson <crdic@pacbell.net> was heard to say:
> I don't like the security implications of showing all the account names
> and their login status on the login screen, but you can't fault it for
> clarity and ease of use.

  I'm not sure the security implications are that big of a deal, at
least not in at least one common case.

  You need physical access to take advantage of this -- while this is
admittedly less detectable than, say, opening the case and resetting
the CMOS, it does raise the bar considerably over allowing network
queries.

  In particular, one of the cases that the desktop people are presumably
interested in is the case of a computer in the home or in an apartment,
which is shared by the residents.  (that's what spawned this thread, in fact)
  In this case, I don't think the security issue is very worrying -- anyone
who could see this information without permission could do any number of
more dastardly things as well.

  -- Daniel, reaching for asbestos underwear..

-- 
/-------------------- Daniel Burrows <dburrows@debian.org> -------------------\
|                "Debian developers have many superpowers, but                |
|                 time travel is not one of them."                            |
|                   -- Richard Braakman                                       |
\---- News without the $$ -- National Public Radio -- http://www.npr.org -----/

Reply to:

References:
- [desktop] Real users experience.
  - From: Jesus Climent <jesus.climent@hispalinux.es>
- Re: [desktop] Real users experience.
  - From: Richard Braakman <dark@xs4all.nl>
- Re: [desktop] Real users experience.
  - From: Colin Walters <walters@debian.org>
- Re: [desktop]Â Real users experience.
  - From: Daniel Burrows <dnb114@psu.edu>
- Re: [desktop]Â Real users experience.
  - From: Craig Dickson <crdic@pacbell.net>
- Re: [desktop]Â Real users experience.
  - From: Colin Walters <walters@debian.org>
- Re: [desktop]ÂÂ Real users experience.
  - From: Craig Dickson <crdic@pacbell.net>

Prev by Date: [bam@debian.org: Fixed in NMU of amavis 20020517-25]
Next by Date: Processed: reassign 166838 to install-doc
Previous by thread: Re: [desktop]ÂÂ Real users experience.
Next by thread: Re: [desktop] Real users experience.
Index(es):
- Date
- Thread