KDE Wallet Manager: Once a wallet is open an application has access to all passwords there?
Martin Sandsmark
martin.sandsmark at kde.org
Wed Dec 25 22:35:25 UTC 2013
On Wed, Dec 25, 2013 at 10:26:58PM +0100, Jonathan Verner wrote:
> I don't think that would be the case. The only way I know of 'injecting' into
> other processes is ptrace (unless, of course, you have full root permissions).
> On ubuntu, at least, ptracing is restricted to descendant processes by default
> and can be restricted on a per-process basis via a syscall.
LD_PRELOAD would be the most obvious. And I'm no security guy, so there's
probably more ways, including altering LD_LIBRARY_PATH, tricking with local
.desktop files, sniffing things going through dbus, sniffing X events,
listening on the microphone to analyze keypresses, (side-channel attacks are
awesome), etc.
--
Martin Sandsmark
More information about the Kde-utils-devel
mailing list