Page 2 of 2 FirstFirst 12
Results 11 to 12 of 12

Thread: Password and Keys Security Issue?

  1. #11
    winh8r is offline Iced Almond Soy Ubuntu, No Foam
    Join Date
    Sep 2007
    Ubuntu 10.04 Lucid Lynx

    Re: Password and Keys Security Issue?

    If I may quote haqking from another thread he posted in:

    System security is not a product
    System security is not a state.

    System security is a process and ongoing and the responsibility of the User/Admin.
    The minute you, as the user or the admin allows anyone unsupervised physical access to your machine, it is effectively compromised.

    It does not matter what measures are in place in terms of software, passwords,keyrings. All it takes is a live cd, and your data is instantly accessible.

    The sudo command is primarily about restricting permissions to carry out various tasks and actions whilst running the system. It is not in itself a robust security measure against anyone other than the uninitiated user.

    Security is in the hands of the user/owner at all times and how they choose to deal with that responsibility is what determines the integrity of the data held on the machine (s)
    Last edited by winh8r; March 19th, 2012 at 12:25 AM.

  2. #12
    Join Date
    Sep 2011

    Re: Password and Keys Security Issue?

    To put what winh8r & haqking said another way:

    The purpose of sudo is so that you don't have to run as root. When you give your sudo password you temporarily elevate your permissions to allow whatever action you choose. When you use sudo, you have to knowingly allow processes/programs that could potentially harm your computer. Nothing can just run without your knowledge or without you specifically allowing it. Sudo is there for security in that way. Read the official documentation:

    Physical security of your computer is a different beast, and sudo has nothing to do with physical security. When you walk away from your computer and leave it running, yeah, someone can sit down and peek at your passwords. But they could also copy your data onto a flash drive. Then they could rm -rf your drive completely erasing everything. You don't need sudo privileges to do that. So in my mind, worrying about the password & keys file is kind of like worrying about a leaking faucet on the Titanic.

Page 2 of 2 FirstFirst 12


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts