Le samedi 24 janvier 2009 à 11:00 +0100, Reinhard Tartler a écrit : > Well, then how about gnome-keyring or other applications not expecting > that behaviour should then check the effective user id in addition to > the session cookie in the environment variable? > > In any case, this behaviour should probably be somewhere properly > documented, at least in the developer and/or user documentation of > gnome-keyring (I have to admit that I didn't check it myself, since I > haven't developed an application which uses gnome-keyring yet). It’s not a problem in gnome-keyring, gnome-terminal or another application. I don’t think it even lies in D-Bus which is responsible for the passing of these authentication tokens. The question is whether we can consider safe to pass authentication tokens as environment variables. Either we do, and we fix applications that pass environment where they shouldn’t. Either we don’t, and we have to find another way to pass them. -- .''`. : :' : We are debian.org. Lower your prices, surrender your code. `. `' We will add your hardware and software distinctiveness to `- our own. Resistance is futile.
Attachment:
signature.asc
Description: Ceci est une partie de message =?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e?=