oath-toolkit-help

[OATH-Toolkit-help] Bug#807992: Bug#807992: per user oath files


From: Ilkka Virta
Subject: [OATH-Toolkit-help] Bug#807992: Bug#807992: per user oath files
Date: Mon, 21 Dec 2015 23:44:23 +0200
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:38.0) Gecko/20100101 Thunderbird/38.4.0

On 16.12. 15:44, Antoine Beaupré wrote:
> On 2015-12-16 06:21:01, Ilkka Virta wrote:
>
> Right, you are right of course. I do think it's critical to keep that
> file from being readable from random apps. The format *is* also a little
> brittle so it seems important to have standardized access as well...
>
> Maybe having a system similar to shadow passwords would be necessary
> here: there could be a secret file that can only be read by root (or
> with the right caps) and would need a special tool (oath.passwd?) to
> reset.

Well, being root-only and having some sort of a helper app is already needed. (Though the helper might well be the admin's text editor.)

As for brittleness, it shares the same thing with all other text files: they kind of have to be rewritten completely every time (can't just replace a single line). Unless you meant some other brittleness? Of course there's locking; per-user files would make that a bit simpler.

This was the per-user shadow file thingy I was thinking of:
http://www.openwall.com/tcb/ (see the slides)

--
Ilkka Virta <address@hidden>
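
The whole-file rewrite under a lock that the message above describes, as an added example that is not part of the original post and is not oath-toolkit code. Assumptions: the function name, the `.lock` suffix and the sample entries in the comments are hypothetical, and entries are whitespace-separated lines with a type starting with `HOTP` in the first field and the user name in the second.

```python
import fcntl
import os
import tempfile


def replace_user_line(path, user, new_line):
    """Rewrite `path` with the entry for `user` replaced by `new_line`.

    Returns True if an entry was replaced. The file is never edited in
    place: readers see either the old file or the complete new one.
    Constructed sample entry: "HOTP/T30/6 alice - 00112233"
    """
    if "\n" in new_line:
        raise ValueError("new_line must be a single entry")
    directory = os.path.dirname(os.path.abspath(path))
    # Writers serialise on a separate lock file (hypothetical name), because
    # the data file's inode changes on every update.
    lock_fd = os.open(path + ".lock", os.O_CREAT | os.O_RDWR, 0o600)
    tmp_path = None
    try:
        fcntl.flock(lock_fd, fcntl.LOCK_EX)
        # mkstemp creates the file with mode 0600, so the secrets are never
        # readable by other users, not even briefly.
        tmp_fd, tmp_path = tempfile.mkstemp(dir=directory, prefix=".oath-")
        replaced = False
        with os.fdopen(tmp_fd, "w") as dst, open(path) as src:
            for line in src:
                fields = line.split()
                if (len(fields) >= 2 and fields[0].startswith("HOTP")
                        and fields[1] == user):
                    dst.write(new_line + "\n")
                    replaced = True
                else:
                    dst.write(line)
            dst.flush()
            os.fsync(dst.fileno())  # data on disk before the rename
        if replaced:
            os.replace(tmp_path, path)  # atomic within one filesystem
            tmp_path = None
        return replaced
    finally:
        if tmp_path is not None:
            os.unlink(tmp_path)  # nothing changed or an error occurred
        os.close(lock_fd)  # closing the descriptor releases the flock
```

With one file per user the same function applies, but each lock covers a single user's entry, so updates for different users no longer wait on each other.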
