Making kwallet more secure

Michael Leupold lemma at confuego.org
Sat Aug 23 11:21:47 BST 2008


Hi everyone,

Recently I've been thinking about ways to make kwallet more secure (not just 
kwallet but probably also the specification I'm trying to get out on fd.o).

One thing I'm currently doing is porting the wallet backend to use qca2. This 
will lead to a smaller codebase (stripping the encryption/hashing algorithms) 
and also provide memory that can't be swapped.

My main concerns however are:
1) kwalletd has no means to really authenticate applications connecting. While 
it does have ACLs, every application opens a wallet using a name it specifies 
itself (so malicious applications could fool the user, and by using another 
application's name you can "bypass" ACLs).
2) Every application on the message bus can spy on passwords being sent.

If possible I'd like to stay with dbus as it's interoperable and convenient.

Possible solutions (or rather open questions to people who know more than me):
- Can I trust the information about the caller that's provided on receiving a 
message? If so I could use the interfaces to figure out the caller's PID and 
get more information to present to the user. I could also set ACLs based on 
the caller's path.
- An encrypted dbus transport. Unfortunately, judging from the libdbus sources, 
encryption should be implementable, but I doubt anyone is working on it and I 
can't help the feeling it's not something the dbus people would be very happy 
about.
- encryption inside the kwallet protocol using some tls-like techniques. This 
would most likely work - at least to stop spying on the bus.
- Make kwallet use p2p d-bus. Actually I'm not sure if that would work because 
I couldn't find enough information about that matter. If I create a new bus 
bypassing the daemon, couldn't other processes still connect to it as well?

I'd be happy to get some comments and ideas from people who have more insights 
than I do.

(Note: The "security" I talk about is only meant to secure against attacks 
from malicious software and malicious people who get access to your computer).

Thanks and regards,
Michael
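As an added illustration of the third option above ("encryption inside the kwallet protocol using some tls-like techniques"), here is a small pure-Python sketch of what such a layer could look like. It is not code from the mail or from kwallet. It assumes that the wallet and each application share a pairing secret established out of band (for instance with a user prompt on first use); the two sides then run a Diffie-Hellman exchange whose public values are authenticated with HMAC under that secret, and every subsequent message is protected with encrypt-then-MAC. The `Endpoint` class, the role labels, the message layout and the pairing model are all assumptions made for the example.

```python
"""
Added example (not part of the original mail or of kwallet): a sketch of the
"encryption inside the kwallet protocol" idea.  Both ends hold a pairing secret
(assumed to be established out of band); they run an HMAC-authenticated
Diffie-Hellman exchange over the untrusted bus and protect each message with
encrypt-then-MAC.  Names, roles and message layout are illustrative assumptions.
"""
import hashlib
import hmac
import os
import secrets

# RFC 3526 group 14 (2048-bit MODP), generator 2.  Verify against the RFC
# before reusing these parameters anywhere real.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF",
    16,
)
G = 2


def _hkdf(ikm: bytes, info: bytes, length: int = 64) -> bytes:
    """HKDF-SHA256 (RFC 5869) with an all-zero salt."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    out, block, i = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        out += block
        i += 1
    return out[:length]


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Counter-mode keystream built from HMAC-SHA256 (stdlib only)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


class Endpoint:
    """One side of the channel: the wallet daemon or a client application."""

    def __init__(self, role: bytes, pairing_secret: bytes):
        self.role = role                          # b"app" or b"wallet"
        self.psk = pairing_secret                 # assumed shared out of band
        self._x = secrets.randbelow(P - 3) + 2    # private DH exponent
        self.public = pow(G, self._x, P)
        self.keys = None

    def hello(self) -> tuple:
        """Public DH value plus an HMAC over it under the pairing secret, so the
        peer can tell it comes from a paired party, not any other bus client."""
        pub = self.public.to_bytes(256, "big")
        return pub, hmac.new(self.psk, self.role + pub, hashlib.sha256).digest()

    def finish(self, peer_role: bytes, peer_hello: tuple) -> None:
        pub, tag = peer_hello
        expected = hmac.new(self.psk, peer_role + pub, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise PermissionError("peer is not paired with this wallet")
        peer_pub = int.from_bytes(pub, "big")
        if not 2 <= peer_pub <= P - 2:
            raise ValueError("rejecting degenerate public value")
        shared = pow(peer_pub, self._x, P).to_bytes(256, "big")
        km = _hkdf(shared, b"kwallet-session-example")
        self.keys = (km[:32], km[32:])            # encryption key, MAC key

    def seal(self, plaintext: bytes) -> bytes:
        """nonce || ciphertext || tag (encrypt-then-MAC)."""
        enc_key, mac_key = self.keys
        nonce = os.urandom(16)
        ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
        return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

    def open(self, message: bytes) -> bytes:
        enc_key, mac_key = self.keys
        nonce, ct, tag = message[:16], message[16:-32], message[-32:]
        if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
            raise ValueError("message tampered with or from another session")
        return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def demo(app_secret: bytes = b"paired-at-first-use",
         wallet_secret: bytes = b"paired-at-first-use") -> tuple:
    """Handshake plus one password read.  Returns (bytes visible on the bus,
    plaintext recovered by the app); raises PermissionError for an unpaired app."""
    wallet, app = Endpoint(b"wallet", wallet_secret), Endpoint(b"app", app_secret)
    app_hello, wallet_hello = app.hello(), wallet.hello()
    wallet.finish(b"app", app_hello)
    app.finish(b"wallet", wallet_hello)
    on_the_bus = wallet.seal(b"hunter2")          # constructed sample secret
    return on_the_bus, app.open(on_the_bus)


if __name__ == "__main__":
    bus_bytes, recovered = demo()
    print("eavesdropper sees:", bus_bytes.hex()[:48], "...")
    print("app recovers:", recovered)
```

Two things the sketch makes visible. First, the HMAC on the hello values is what ties the session to a paired party; without it the exchange would be unauthenticated and the "open a wallet under another application's name" problem would simply reappear one layer down. Second, the layer hides the payload from other bus clients but not the metadata (which names talk to which), and a malicious program running as the same user can read the pairing secret just as it could read the wallet file, which is the limit the note at the end of the mail already draws.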
