RFC: Moving KWallet Password dialog into Plasma

Oswald Buddenhagen ossi at kde.org
Sat Jul 21 09:40:20 BST 2012


On Fri, Jul 20, 2012 at 08:27:36PM +0200, Thomas Lübking wrote:
> On 20.07.2012 at 20:18, Martin Gräßlin <mgraesslin at kde.org> wrote:
> >already on the system (to my knowledge hardly anything not running as root
> >can be protected against an attacker with same user privs).
>
> You can establish secure IPC - i frankly thought that's what kwallet was
> meant to do.
> 
that's a fairly pointless exercise, as everything runs in the same
security domain anyway (though d-bus is particularly easy to wiretap, as
it has a debug function to do just that).

if you wanted to make a secure system, you'd need to put *everything*
inside its own compartment. the central hub of such an architecture would
be a heavily access-restricted ipc service (so you can and need to
assume that this part is secure anyway, so your above consideration
would still be mostly irrelevant). a core aspect of such a system would
be authentication of any user interaction - think of a file dialog as a
device to authorize a particular agent to access a particular resource,
so the user needs to be sure about whom a particular dialog belongs to.
so obviously this needs some deep integration into the workspace. that's
only the last step, though.

> >But it still nicely protects:
> >* the passwords stored on disk, so you don't get the passwords on a not
> >powered-on system
> What is as good as decrypting the database file on login - except that i
> don't face a broken dialog for that ;-)
> 
correct.




