Password and Keys Security Issue?

[winh8r]

If I may quote haqking from another thread he posted in:

System security is not a product
System security is not a state.

System security is a process and ongoing and the responsibility of the User/Admin.

The minute you, as the user or the admin allows anyone unsupervised physical access to your machine, it is effectively compromised.

It does not matter what measures are in place in terms of software, passwords,keyrings. All it takes is a live cd, and your data is instantly accessible.

The sudo command is primarily about restricting permissions to carry out various tasks and actions whilst running the system. It is not in itself a robust security measure against anyone other than the uninitiated user.

Security is in the hands of the user/owner at all times and how they choose to deal with that responsibility is what determines the integrity of the data held on the machine (s)

[Ms. Daisy]

To put what winh8r & haqking said another way:

The purpose of sudo is so that you don't have to run as root. When you give your sudo password you temporarily elevate your permissions to allow whatever action you choose. When you use sudo, you have to knowingly allow processes/programs that could potentially harm your computer. Nothing can just run without your knowledge or without you specifically allowing it. Sudo is there for security in that way. Read the official documentation:

https://help.ubuntu.com/community/RootSudo

Physical security of your computer is a different beast, and sudo has nothing to do with physical security. When you walk away from your computer and leave it running, yeah, someone can sit down and peek at your passwords. But they could also copy your data onto a flash drive. Then they could rm -rf your drive completely erasing everything. You don't need sudo privileges to do that. So in my mind, worrying about the password & keys file is kind of like worrying about a leaking faucet on the Titanic.