Re: Writing to /etc/ from a "privileged" UI
On Wed, May 11, 2011 at 10:54:16PM +0200, Adam Borowski wrote:
> On Wed, May 11, 2011 at 10:05:40PM +0200, Frank Küster wrote:
> > Not at the same time, but someone might allow a user of a laptop to
> > access their WLAN, but neither accept that an other user of the laptop
> > should be able to use the same network without asking, nor that the keys
> > be written in a system-wide configuration file.
> Sorry but if you alternate physical possession of a laptop with someone whom
> you suspect of being hostile, no files are secure as long as they're stored
> on that laptop.
This is not necessarily the case if a per-user encrypted filestore,
such as ecryptfs, is in use (where a user may be unlocking access to
their home directory at the same time as logging in, via a pam hook).
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)