Bug#578736: This is actually a security concern

[Soeren Sonnenburg]

On Tue, 2010-05-04 at 19:16 +0200, Josselin Mouette wrote:
> Le mardi 04 mai 2010 à 08:48 +0200, Soeren Sonnenburg a écrit : 
> > > Would you give a better rationale before playing BTS ping-pong?
> > 
> > So you would expect that if you *log out* and turn away from your
> > computer that you are suddenly logged in again?
> 
> I would expect you can trust anyone having physical access to a computer
> with autologin enabled, so it doesn’t matter in terms of security.
> 
> If someone you don’t trust has access to your computer when you turn
> away from it, he might also reboot it and benefit from the autologin.
> 
> I’m not implying it’s not a bug. If you logged off, you don’t
> necessarily want the session to restart, so this is definitely one. But
> it has no security implications.

Normally you would be right, but you missed one case (the only one for
which I consider autologin useful and for which I use it here):
Encrypted filesystem (root/home). So directly after booting you enter
your system password and it is just annoying to type your user password
again. In this case logging off really -> $SHELL has security
implications.

Soeren
-- 
For the one fact about the future of which we can be certain is that it
will be utterly fantastic. -- Arthur C. Clarke, 1962
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20100504/5d9921e6/attachment-0001.pgp>