On Fri, Jun 27, 2014 at 05:47:01PM +0200, Lennart Poettering wrote:
> On Fri, 27.06.14 18:08, Mantas Mikulėnas ([email protected]) wrote:
>
> > (The agents usually set themselves as undumpable and untraceable to avoid
> > key extraction by the same user's other processes.)
>
> Honestly, playing these games with trying to protect a user processes
> from its own user, are snake oil, little else. That's not how Unix
> works, and neither does Linux. Access control is inherently bound to
> user IDs, nothing else, and just turning off traceability or dumpability
> might protect you from accidental leaking, but certainly not from any
> real threat.

Unless you are forwarding the agent connection to a remote machine?

Zbyszek
