[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Does KDM need a password?

2009/1/26 Daniel Pittman <daniel@rimspace.net>:
> I don't know about you, but I occasionally leave my laptop unattended,
> and while the KDE screen-saver locks it, it also offers the "switch
> user" option.

Thank. I _never_ leave the machine unattended. It would be stolen immediately.

> Using that someone could trivially open a new KDM login prompt, hit
> return, and have access to your identity.  Not much fun.

My identity? They can have it! In any case, once they have the
hardware, even a password prompt at the KDM won't help if that is what
they want.

> A lot of Unix security assumes that you prompt for authentication before
> allowing access to a user account; while you can violate that you will
> find that it does[1] open security holes by violating upstream
> maintainers assumptions.

This is exactly why I asked! I would like to know if there are some
hidden gotchas that I am not aware about, besides the obvious..

Dotan Cohen



Reply to: