Secure keyboard input [LWN.net]

Secure keyboard input

Posted Nov 23, 2009 15:58 UTC (Mon) by drag (subscriber, #31333)
In reply to: Secure keyboard input by epa
Parent article: Fedora 12 and unprivileged package installation

If Linux can figure out a way to lock down things inside of a user account then that would benefit everybody massively.

If you think about it (which you probably already understand completely, I am just talking about in a more general sense), right now all your most important and sensitive information is stored in your /home/$USERNAME directory. Especially for a single user system, which 70% of desktops apparently are, then getting root is not necessary at all for a attacker to have the most damage to that user.

Root is only necessary for the attacker to go unnoticed. If they want to establish a rootkit or run some sort of secret network service then they'll need root. If they just want to steel your credit card information, gain access to your online accounts, or anything like that then root is unnecessary.

(Log in to post comments)

Secure keyboard input

Posted Nov 23, 2009 18:35 UTC (Mon) by madscientist (subscriber, #16861) [Link]

Any really sensitive file in the user's home directory should be protected by account permissions so that non-root users wouldn't be able to modify, or even read, them. In addition, a number of distros already have the ability to encrpyt some or all of the user's home directory, so that casual observers can't read the files. I think the previous poster has an excellent point, though: if you don't have a foolproof way of getting back to a login prompt, you can't say much about any sort of password-based security, including encrpyted home directories.