Making kwallet more secure
Oswald Buddenhagen
ossi at kde.org
Sat Aug 23 15:39:18 BST 2008
On Sat, Aug 23, 2008 at 12:21:47PM +0200, Michael Leupold wrote:
> - Can I trust the information about the caller that's provided on
> receiving a message? If so I could use the interfaces to figure out
> the caller's PID and get more information to present to the user. I
> could also set ACLs based on the caller's path.
>
even if you could trust this information, it would be completely
useless: one user's processes can interfere with each other to their
liking. that's why i told you that any such security model is worthless
unless you integrate it with SE linux or some other sandboxing solution
(and it is actually deployed by the user, which won't be the case for
the vast majority of desktop users).
--
Hi! I'm a .signature virus! Copy me into your ~/.signature, please!
--
Confusion, chaos, panic - my work here is done.
More information about the kde-core-devel
mailing list