[PATCH] Kwallet optional owner based access control

Jonathan Verner jonathan.verner at matfyz.cz
Wed Apr 9 21:57:06 BST 2008


Hello, 

I store some quite sensitive data in my wallet (banking account 
passwords, creditcard numbers & c.) and I do not feel comfortable
with allowing every application which has access to the wallet to 
read them. (E.g. kopete stores its passwords in there so it has to 
have access to the wallet, but if it is compromised by a hacker, it 
could get at the more sensitive banking passwords which would not 
be good). So I thought it might be useful to only allow access to 
the wallet folders to applications which actually created those 
folders. The attached patch tries to implement this (although I am
not completely sure how the appid thing works and if it is 
spoof-safe). It defaults to the old behaviour and only limits the
access if it is turned on in the configuration.

Since I do not have a complete build environment I could not test
the patch (not if it compiles nor if it actually works). However, 
if the patch has some chance to be accepted, I will try to set
it up, so that I can test it. 

The patch applies to the following files:

/trunk/KDE/kdelibs/kio/misc/kwalletd/kwalletd.cpp
/trunk/KDE/kdelibs/kio/misc/kwalletd/kwalletd.h

Regards :-)

Jonathan Verner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: owner-based-access-control.diff
Type: text/x-diff
Size: 8793 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20080409/87476dc5/attachment.diff>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20080409/87476dc5/attachment.sig>


More information about the kde-core-devel mailing list