Re: Does KDM need a password?

To: debian-laptop@lists.debian.org
Subject: Re: Does KDM need a password?
From: Daniel Pittman <daniel@rimspace.net>
Date: Mon, 26 Jan 2009 18:21:27 +1100
Message-id: <[🔎] 8763k2mt1k.fsf@rimspace.net>
References: <[🔎] 880dece00901251130u29c49385tc419c9dfb73031c9@mail.gmail.com>

Dotan Cohen <dotancohen@gmail.com> writes:

> My laptop password-protects the harddrive, to unlock it I must enter a
> password before the BIOS starts the OS. Is it thus redundant to have a
> password at the KDM logon screen?

I don't know about you, but I occasionally leave my laptop unattended,
and while the KDE screen-saver locks it, it also offers the "switch
user" option.

Using that someone could trivially open a new KDM login prompt, hit
return, and have access to your identity.  Not much fun.

A lot of Unix security assumes that you prompt for authentication before
allowing access to a user account; while you can violate that you will
find that it does[1] open security holes by violating upstream
maintainers assumptions.

Regards,
        Daniel

Footnotes: 
[1]  More precisely, "is extremely likely to without very, very careful
     configuration on your part, such that you are unlikely to always
     succeed in finding the holes before they are exposed."

Reply to:

Follow-Ups:
- Re: Does KDM need a password?
  - From: Dotan Cohen <dotancohen@gmail.com>
- Re: Does KDM need a password?
  - From: Johannes Wiedersich <johannes@physik.blm.tu-muenchen.de>

References:
- Does KDM need a password?
  - From: Dotan Cohen <dotancohen@gmail.com>

Prev by Date: Re: Does KDM need a password?
Next by Date: Re: Does KDM need a password?
Previous by thread: Re: Does KDM need a password?
Next by thread: Re: Does KDM need a password?
Index(es):
- Date
- Thread