KDE Wallet Manager: Once a wallet is open an application has access to all passwords there?

Till Schäfer till2.schaefer at tu-dortmund.de
Wed Nov 13 18:58:49 UTC 2013


Hi, 
that solution seems to introduce a lot of new trouble: 

1. An executable path may not be the safest way to ensure the validity of a program. Maybe a signed executable can do so in a better way, but this is a much more complicated way, especially because there must be someone who signs applications for you. 
2. What if a binary moves? Does this cause the loss of all stored passwords? That means you need at least an abstraction layer that can map an executable to a unique id. 

Anyway: I think it is very important to think about this. The current situation is very unsafe. I think nobody can ensure that every part of his system works as expected. 

Greetings 
Till 

On Wednesday, 13 November 2013, 19:21:46, Jonathan Verner wrote:
> This problem has been bugging me too and I don't think that it should
> be dismissed so easily. Suppose malware started being more common on
> Linux. Then a malware author would find the KDE wallet to be a treasure
> trove. Of course, one could keep the wallet locked at all times and enter the
> password whenever an application needed access, but that (in my opinion)
> kind of defeats the purpose. 
> 
> When I was originally thinking about this problem, the wallet was accessed
> directly by each application (if I understood correctly) which meant that 
> there was no way to prevent an application from accessing whatever it wanted. 
> 
> However, now that the wallet is accessed over D-Bus (if I understand 
> correctly) and that D-Bus supports getting the process ID of the connecting 
> side (at least on UNIX there is the function 
> dbus_connection_get_unix_process_id) the access to a given folder could
> be granted based on the executable file (/proc/PID/exe) of the requesting 
> process. This should prevent local unprivileged attacks. An attacker
> with rw access to, e.g. /usr/bin, would still get the passwords, of course.
> 
> Is there something I am missing or would this be feasible?
> 
> Jonathan Verner
> 
> 
> On 13. 11. 2013 FF <fafisfriend at ya.com> wrote:
> > Thanks, Eike, for your time and explanation.
> > 
> > But I do not feel any better. The thing is that, e.g., I do not want
> > Netbeans accessing my Kontact related passwords.
> > 
> > For the moment I have seen that I can use two wallets (KDE System Settings
> > -> Account Details -> KDE Wallet) and now I have separated both worlds.
> > 
> > Maybe having a wallet for each software vendor would sound safer...
-- 
pgp: https://keyserver2.pgp.com/vkd/SubmitSearch.event?&&SearchCriteria=0xD84DED79