Tracking users/sessions on the console

Havoc Pennington hp at
Tue Jan 31 15:24:56 PST 2006

On Tue, 2006-01-31 at 11:32 +0000, Jamie McCracken wrote:
> it would be best to use public key encryption here (the public key could 
> be used to get the session bus address). The private key would need to 
> be obfuscated so its not readily visible in a core dump of the session 
> bus nor accessible api wise - not perfect security I admit but its 
> better than nothing

What does that solve? If the private key is in the user's session,
people can still do everything they could do before. Remember, we don't
trust the user's session from the perspective of the system bus.


More information about the dbus mailing list