Tracking users/sessions on the console
Havoc Pennington
hp at redhat.com
Tue Jan 31 15:24:56 PST 2006
On Tue, 2006-01-31 at 11:32 +0000, Jamie McCracken wrote:
> it would be best to use public key encryption here (the public key could
> be used to get the session bus address). The private key would need to
> be obfuscated so its not readily visible in a core dump of the session
> bus nor accessible api wise - not perfect security I admit but its
> better than nothing
>
What does that solve? If the private key is in the user's session,
people can still do everything they could do before. Remember, we don't
trust the user's session from the perspective of the system bus.
Havoc
More information about the dbus
mailing list