-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> clearly, you're not getting an account on my machine.
>
This goes back to the typical MacOSX argument:
"If I have MacOSX laptop and you compromise my local
account, it doesn't matter because you haven't
gotten root, right?"
Of course, this isn't true because all your data is owned
by your user credentials. If someone compromises a single
user laptop they don't need root or any other super user
semantic. Being you compromises all the information
necessary to hurt you: banking information, SSN, credit
card info, e-mail logins, locally stored files, etc...
I'd say that's enough of a problem. Even Plan 9's well
designed authentication domains don't properly mitigate
the issue of the local account being compromised.
D
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHI7mryWX0NBMJYAcRAmSjAKCWXuQeAO7mTXKlwChpRYb1BDV0eQCeJn2t
1gCP7bJWlAofxI4Ta4oZeig=
=f3q/
-----END PGP SIGNATURE-----
