Mailinglist Archive: opensuse (1395 mails)

< Previous Next >
Re: [opensuse] Re: Should openSUSE review it's Security Policies?
On 04/03/12 00:53, Per Jessen wrote:
Basil Chupin wrote:

On 04/03/12 00:10, Per Jessen wrote:
Per Jessen wrote:

Sofar I have been using "Lock" and "Screensaver[any]"
interchangeably. I don't care which one it is as long as (we have a
security profile in which) auto-lock/screen-saver:

1) is enabled by default with a reasonable timeout,
2) cannot be disabled
2) can only be disabled by root

What I am finding very hard to come to grips with is this need to not
only be unable to disable the screensaver but also to have a root
password when it is to be disabled.

Why is the screensaver such an important feature?
(screensaver or auto-lock).
Protection of information. People forget to lock their screen when they
go to drink coffee or smoke a cigarette. Having an office PC
auto-locked after X minutes reduces the window of risk. What people
would like displayed instead of their desktop is immaterial, blank
screen, acquarium, banner, whatever.

The darn screensaver is using the cpu (and the gpu) to generate stuff
on the monitor - and this is heating up the cpu which otherwise can
sit quietly and resting.
Screensaver could be = blank screen.

Could you perhaps give an example of why you consider that the
screensaver is so important and why it would require a root password
to disable it? All in the cause of educating me of course :-) .
For the first, see above. Second, disabling it should require root
access because it is a security and/or policy feature. Changing the
screensaver to<whatever> should be left to the user.

I am getting the feeling that you are arguing here from the point of view of the principle of the thing rather than anything else :-) .

In a normal office environment nobody is doing anything which other colleagues are not also doing.

The only situations where such "not for anyone else's eyes" scenarios could come into play are where someone is doing very confidential work. In which case that person should be allocated a room to work in and which is (a) not accessed by other colleagues and/or (b) in an area where any member of the public is not allowed access; as well as this, a person to whom such a serious task has been assigned would not be someone who just walked off the street but would be a trusted and intelligent person specially selected to do this confidential work.

Ok, but let's say that this screensaver thing is operational on the basis which you want it to be. After how many minutes would you want the screensaver to kick in? 1 minute? 2 minutes? 10 minutes?

Let's say a person keeps getting phone calls from clients. Everytime he answers the phone the screenblanks after 1 minute or 2 minutes - but he has something on the screen which he has to use to answer the client's question but while he is talking to the client the bloody screen blanks. And he has to put down the phone and type in his password. Or say to the client, "Just a moment please while I re-activate my screen". After several such incidents the fellow will stop answering the phone!

But if the screensaver cuts in after, say, 10 minutes after the user goes off to have his cigarette or get a cup of coffee, what is there to stop anyone walking up to the monitor and looking at the screen before it, say, blanks? :-)

BC

--
The vulgar crowd always is taken by appearances, and the world consists chiefly
of the vulgar.
Niccolo Machiavelli

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
This Thread