On 2015-12-21 16:44:23, Ilkka Virta wrote: > On 16.12. 15:44, Antoine Beaupré wrote: >> On 2015-12-16 06:21:01, Ilkka Virta wrote: >> Right, you are right of course. I do think it's critical to keep that >> file from being readable from random apps. The format *is* also a little >> brittle so it seems important to have standardized access as well... >> >> Maybe having a system similar to shadow passwords would be necessary >> here: there could be a secret file that can only be read by root (or >> with the right caps) and would need a special tool (oath.passwd?) to >> reset. > > Well being root-only and having some sort of a helper app is already > needed. (Though the helper might well be the admins text editor. > > As for brittleness, it shares the same thing with all other text files: > they kind of have to be rewritten completely every time (can't just > replace a single line). Unless you meant some other brittleness? Of > course there's locking, per-user files would make that a bit simpler.
No that is pretty much it - i was thinking of lock contention issues and so on. > This was the per-user shadow file thingy I was thinking of: > http://www.openwall.com/tcb/ (see the slides) right. pretty much what i had in mind. a. -- When I came back to the United States, I decided that if you could use propaganda for war, you could certainly use it for peace. And "propaganda" got to be a bad word because of the Germans using it, so what I did was to try and find some other words so we found the words "public relations". - Edward Bernays
