KDE Wallet Manager: Once a wallet is open an application has access to all passwords there?

Martin Sandsmark martin.sandsmark at kde.org
Wed Dec 25 22:35:25 UTC 2013


On Wed, Dec 25, 2013 at 10:26:58PM +0100, Jonathan Verner wrote:
> I don't think that would be the case. The only way I know of 'injecting' into 
> other processes is ptrace (unless, of course, you have full root permissions). 
> On ubuntu, at least, ptracing is restricted to descendant processes by default 
> and can be restricted on a per-process basis via a syscall.

LD_PRELOAD would be the most obvious. And I'm no security guy, so there's
probably more ways, including altering LD_LIBRARY_PATH, tricking with local
.desktop files, sniffing things going through dbus, sniffing X events,
listening on the microphone to analyze keypresses, (side-channel attacks are
awesome), etc.

-- 
Martin Sandsmark


More information about the Kde-utils-devel mailing list