Re: security policy / root passwords

To: debian-devel@lists.debian.org
Cc: Simon McVittie <smcv@debian.org>
Subject: Re: security policy / root passwords
From: Daniel Pocock <daniel@pocock.com.au>
Date: Mon, 10 Jun 2013 21:24:39 +0200
Message-id: <[🔎] 51B627F7.4040808@pocock.com.au>
In-reply-to: <[🔎] 51B5E7F3.2000101@debian.org>
References: <[🔎] 51B4B11E.8080701@pocock.com.au> <[🔎] 20130609172016.GB26067@nighthawk.chemicalconnection.dyndns.org> <[🔎] 20130610072118.GC26067@nighthawk.chemicalconnection.dyndns.org> <[🔎] 848v2izak6.fsf@sauna.l.org> <[🔎] CALiCqYZeNkTn=gdAjas2LRX=3LLjANejFNqX=Pss98nkMXWKtA@mail.gmail.com> <[🔎] 51B5B9B9.4080701@pocock.com.au> <[🔎] 51B5C2CA.70100@debian.org> <[🔎] 51B5CC89.3060306@pocock.com.au> <[🔎] 51B5D6CB.5080303@debian.org> <[🔎] 8461xmt4ly.fsf@sauna.l.org> <[🔎] 51B5E7F3.2000101@debian.org>


On 10/06/13 16:51, Simon McVittie wrote:
> On 10/06/13 15:36, Timo Juhani Lindfors wrote:
>> Simon McVittie <smcv@debian.org> writes:
>>>     * ability to use system-modal prompting or a secure input path
>>>       (partially done by PK under GNOME Shell, likely to get better
>>>       under Wayland, not supported by sudo or su)
>>
>> Not relevant to the current discussion but this got me curious: can the
>> input path really be secure under X11?
> 
> It can at least be a bit more robust against accidentally typing your
> password into the wrong window (although perhaps not secure against
> deliberate abuse by a malicious application) by taking an input grab,
> like the various pinentry-* and ssh-askpass implementations do.
> 
> I'm not sure how far GNOME Shell goes with securing input to
> system-modal dialogs, but again, the fact that it's modal makes it a bit
> more robust against mistakes.

Every copy of jessie could be distributed with one of the red hoods
referred to in this article:

http://www.guardian.co.uk/world/2013/jun/09/edward-snowden-nsa-whistleblower-surveillance

I presume it has some kind of electromagnetic shielding too.

Reply to:

Follow-Ups:
- Re: security policy / root passwords
  - From: Michael Banck <mbanck@debian.org>

References:
- security policy / root passwords
  - From: Daniel Pocock <daniel@pocock.com.au>
- Re: security policy / root passwords
  - From: Michael Banck <mbanck@debian.org>
- Re: security policy / root passwords
  - From: Michael Banck <mbanck@debian.org>
- Re: security policy / root passwords
  - From: Timo Juhani Lindfors <timo.lindfors@iki.fi>
- Re: security policy / root passwords
  - From: Alexey Serikov <kompadre@gmail.com>
- Re: security policy / root passwords
  - From: Daniel Pocock <daniel@pocock.com.au>
- Re: security policy / root passwords
  - From: Simon McVittie <smcv@debian.org>
- Re: security policy / root passwords
  - From: Daniel Pocock <daniel@pocock.com.au>
- Re: security policy / root passwords
  - From: Simon McVittie <smcv@debian.org>
- Re: security policy / root passwords
  - From: Timo Juhani Lindfors <timo.lindfors@iki.fi>
- Re: security policy / root passwords
  - From: Simon McVittie <smcv@debian.org>

Prev by Date: Re: Filtering bugs from apt-listbugs reports (was Re: Bug severity and private data disclosure)
Next by Date: Re: boot ordering and resolvconf
Previous by thread: Re: security policy / root passwords
Next by thread: Re: security policy / root passwords
Index(es):
- Date
- Thread