Fwd: KWallet weaknesses (was: [PATCH] Make pinentry-qt read and store passphrases in KDE 3.2's wallet)

Dirk Mueller mueller at kde.org
Sat Dec 6 16:48:10 GMT 2003

On Saturday 06 December 2003 16:20, Martin Konold wrote:

> > it is the easiest solution since you really don't want to have a
> > suid-root kwalletd.
> Why not? 

I don't want to annoy anyone with the obvious details on why it is bad so I'll 
just drop some keywords: 

- global constructors
- number of dependend libraries
- kwalletd being a kded DSO
- introduction of a local DoS
- attack vector for all the security weaknesses combined in Qt and kde core 

> Suid-root is not bad security wise in every usage case.

suid is always a security nightmare. 

More information about the kde-core-devel mailing list