On Fri, 2012-06-22 at 09:36 +0100, David Howells wrote:
> Stephen Gallagher <sgall...@redhat.com> wrote:
> 
> > 1) Credential caches are now stored in a tmpfs location. This is a
> > security feature, as a stolen laptop may not be booted in single-user
> > mode to extract a valid TGT.
> 
> Is it?  Can't tmpfs move stuff arbitrarily out to swap?

Ah, true. This could happen in a low-memory case. I should perhaps
revise this statement then to be "This is a security feature, as a
stolen laptop booted in single user mode will have a much more difficult
time of extracting a valid TGT".

This of course can be further mitigated by the use of encrypted swap
space.

-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
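
Added example, not part of the original message: a Python check for the swap concern raised in this thread. It reads /proc/swaps-format text and reports whether each swap area sits on dm-crypt, following LVM-on-LUKS stacks through sysfs `slaves/`. The sample data, the function names and the verdict strings are constructed for illustration; the `CRYPT-` prefix is the device-mapper UUID convention used by cryptsetup.

```python
import os
import tempfile

# Constructed sample in /proc/swaps format (not taken from a real host).
SAMPLE_SWAPS = """Filename  Type  Size  Used  Priority
/dev/dm-1  partition  4194300  0  -2
/dev/dm-2  partition  4194300  0  -3
/dev/sda3  partition  2097148  512  -4
/swapfile  file  1048572  0  -5
"""

def make_sample_sysfs(root):
    """Constructed sysfs tree: dm-1 is plain dm-crypt, dm-2 is LVM on LUKS (dm-0)."""
    for name, uuid, slaves in [("dm-0", "CRYPT-LUKS2-constructed-pv", ["sda2"]),
                               ("dm-1", "CRYPT-PLAIN-constructed-swap", ["sda4"]),
                               ("dm-2", "LVM-constructedswaplv", ["dm-0"])]:
        node = os.path.join(root, "class", "block", name)
        os.makedirs(os.path.join(node, "dm"))
        with open(os.path.join(node, "dm", "uuid"), "w") as f:
            f.write(uuid + "\n")
        for s in slaves:
            os.makedirs(os.path.join(node, "slaves", s))
    return root

def parse_swaps(text):
    """Return (path, type) for every swap area listed after the header line."""
    rows = (line.split() for line in text.splitlines()[1:])
    return [(r[0], r[1]) for r in rows if len(r) >= 2]

def is_dm_crypt(name, sysfs):
    """True if the device, or every device underneath it, is a dm-crypt mapping."""
    node = os.path.join(sysfs, "class", "block", name)
    try:
        with open(os.path.join(node, "dm", "uuid")) as f:
            if f.read().startswith("CRYPT-"):
                return True
    except OSError:
        pass  # not a device-mapper device, or no sysfs entry
    slaves_dir = os.path.join(node, "slaves")
    slaves = os.listdir(slaves_dir) if os.path.isdir(slaves_dir) else []
    return bool(slaves) and all(is_dm_crypt(s, sysfs) for s in slaves)

def classify(swaps_text, sysfs="/sys"):
    """Map each swap path to a verdict string."""
    verdicts = {}
    for path, kind in parse_swaps(swaps_text):
        name = os.path.basename(os.path.realpath(path))  # /dev/mapper/x -> dm-N
        if kind == "file":
            verdicts[path] = "check-filesystem"  # depends on the backing filesystem
        elif name.startswith("zram"):
            verdicts[path] = "ram-backed"  # compressed RAM, unless writeback is set up
        else:
            verdicts[path] = "encrypted" if is_dm_crypt(name, sysfs) else "unencrypted"
    return verdicts
```

On a live system, call `classify(open("/proc/swaps").read())`; any `unencrypted` entry is a place where tmpfs pages, including a credential cache, can reach disk in the clear.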