On Tue, 2013-08-13 at 08:18 +0000, Laako, Jussi wrote:
> Which is not a normal Linux desktop, is it?
Isn't it? At least it's like openSUSE or Ubuntu. Only Windows users
tend to use their computer as admin.
As long as you 1) use SMACK/SELinux/AppArmor correctly configured
and/or 2) run gsignond as some other user id both the API access and
the database are protected.
That's the key point: is any Linux desktop set up to protect the signon
database like that? I don't doubt that it is doable, I'm just wondering
whether it is done.
If it is, great, then access control is worth it. If not, then it adds
no additional security and just makes the system less usable (can't use
valgrind, can't use my self-compiled binary unless I install it).
Best Regards, Patrick Ohly
The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.