Everyone seems to be forgetting the real big security issue with this.
Accessing physical data on the system's hdd (whether encrypted or not) is not the major issue - accessing currently running programs is.
Example - John Q Sysadmin has a few open ssh sessions to some of his favourite boxes - locks his workstation so he can wander off somewhere. Anyone exploiting this to unlock his workstation now has access to his logged-in ssh terminals.
Yes, there are other ways to achieve this, including keyloggers, trojans, etc, but this makes it stupidly easy to walk past a random workstation, and potentially 10 seconds later have root access on any number of other boxes the user happened to be logged in as.
Remember guys - better be shutting down your ssh terms before you go to lunch!