> That's the key point: is any Linux desktop set up to protect the signon > database like that? I don't doubt that it is doable, I'm just wondering > whether it is done. > > If it is, great, then access control is worth it. If not, then it adds > no additional security and just makes the system less usable (can't use > valgrind, can't use my self-compiled binary unless I install it).
Now the databases are protected even on a normal Unix without any extra security frameworks. All databases are stored in a directories accessible only to user root and group gsignond. Gsignond will setgid itself to gsignond and no users should be member of that group. Users can of course mess their own things, but the point is that random application X shouldn't be able to gain root access on the device without user's permission. And that would be required to break the security. That's where the line goes. --------------------------------------------------------------------- Intel Finland Oy Registered Address: PL 281, 00181 Helsinki Business Identity Code: 0357606 - 4 Domiciled in Helsinki This e-mail and any attachments may contain confidential material for the sole use of the intended recipient(s). Any review or distribution by others is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies. _______________________________________________ SyncEvolution mailing list [email protected] https://lists.syncevolution.org/mailman/listinfo/syncevolution
