[Bug 1045886] ecryptfs problems with recent Tumbleweed
http://bugzilla.novell.com/show_bug.cgi?id=1045886
http://bugzilla.novell.com/show_bug.cgi?id=1045886#c36
--- Comment #36 from Andrei Borzenkov
And in this case session key are visible by all process running with the same UID, which is not too good.
Still it is better than what we have now.
That's probably the reason why the doc says:
Rather than relying on the user session keyring, it is strongly recommended —especially if the process is running as root— that a session-keyring(7) be set explicitly, for example by pam_keyinit(8).
You miss the point. It makes pam_keyinit mandatory without as much as giving any heads up to users (just try to search for pam_keyinit in systemd NEWS). Before this change pam_keyinit was recommended, but the whole system still worked reasonably well without it. So the actual question is whether we want to mandate pam_keyinit and risk security implications if it is missing for some reasons. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com