[systemd-devel] Keyring service as a natural use-case for systemd?

Lennart Poettering lennart at poettering.net
Fri Jun 27 08:47:01 PDT 2014


On Fri, 27.06.14 18:08, Mantas Mikulėnas (grawity at gmail.com) wrote:

> (The agents usually set themselves as undumpable and untraceable to avoid
> key extraction by the same user's other processes.)

Honestly, playing these games with trying to protect a user process
from its own user is snake oil, little else. That's not how Unix
works, and neither does Linux. Access control is inherently bound to
user IDs, nothing else, and just turning off traceability or dumpability
might protect you from accidental leaking, but certainly not from any
real threat.

Lennart

-- 
Lennart Poettering, Red Hat
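
For reference, the "undumpable and untraceable" setting discussed in this message is commonly applied on Linux with `prctl(PR_SET_DUMPABLE, 0)`. The C code below is an added example, not code from this thread or from any particular agent; the names `harden_agent`, `read_state` and `struct hardening_state` are hypothetical.

```c
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/resource.h>

/* Hypothetical helper names; this is an illustration, not an agent's code. */
struct hardening_state {
    int dumpable;                 /* 0 = not dumpable, 1 = default */
    unsigned long long core_max;  /* hard RLIMIT_CORE in bytes */
};

/* Clear the dumpable flag and forbid core files.
 * With dumpable == 0 the kernel writes no core dump for this process and
 * refuses PTRACE_ATTACH from processes without CAP_SYS_PTRACE, so one
 * call covers both "undumpable" and "untraceable".
 * It does not change file, socket or IPC permissions: those stay bound
 * to the UID, which is the limit the message above points out. */
int harden_agent(void)
{
    struct rlimit no_core = { 0, 0 };

    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0)
        return -1;
    if (setrlimit(RLIMIT_CORE, &no_core) != 0)
        return -1;
    return 0;
}

/* Read the settings back from the kernel instead of trusting the caller. */
int read_state(struct hardening_state *st)
{
    struct rlimit cur;
    int d = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);

    if (d < 0 || getrlimit(RLIMIT_CORE, &cur) != 0)
        return -1;
    st->dumpable = d;
    st->core_max = (unsigned long long)cur.rlim_max;
    return 0;
}

int main(void)
{
    struct hardening_state st;

    if (harden_agent() != 0 || read_state(&st) != 0) {
        perror("hardening");
        return 1;
    }
    printf("dumpable=%d core_max=%llu\n", st.dumpable, st.core_max);
    return 0;
}
```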

