Fwd: KWallet weaknesses (was: [PATCH] Make pinentry-qt read and store passphrases in KDE 3.2's wallet)
Dirk Mueller
mueller at kde.org
Sat Dec 6 16:48:10 GMT 2003
On Saturday 06 December 2003 16:20, Martin Konold wrote:
> > it is the easiest solution since you really don't want to have a
> > suid-root kwalletd.
> Why not?
I don't want to annoy anyone with the obvious details on why it is bad so I'll
just drop some keywords:
- global constructors
- number of dependent libraries
- kwalletd being a kded DSO
- introduction of a local DoS
- attack vector for all the security weaknesses combined in Qt and kde core
libs
> Suid-root is not bad security wise in every usage case.
suid is always a security nightmare.