[PATCH] Kwallet optional owner based access control
Thiago Macieira
thiago at kde.org
Thu Apr 10 13:11:19 BST 2008
On Thursday 10 April 2008 13:53:14 Jonathan Verner wrote:
> Maybe an even better approach would be to allow the user to
> mark some entries in the wallet as sensitive and these entries would
> always require the user to enter the 'master' password. These
> entries would also need to not be kept in memory.
If the attacker already has access to run programs on your machine, he can
simply attach to the kded process and wait patiently for it to open the
wallet. When the wallet gets opened, he reads everything from the decoded
data.
Conclusion: any kind of protection you do for application calls is not going
to have any effect. It would be necessary to make kwalletd a separate process
and run as root to prevent attaching.
The application-name protection is just to avoid mistakes. It's not security.
--
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
PGP/GPG: 0x6EF45358; fingerprint:
E067 918B B660 DBD1 105C 966C 33F5 F005 6EF4 5358
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20080410/895a10e1/attachment.sig>
More information about the kde-core-devel
mailing list