The situation of KWallet, and what to do about it?
Albert Astals Cid
aacid at kde.org
Wed Jul 13 23:16:20 UTC 2016
On Thursday, 7 July 2016, at 12:36:26 CEST, Thomas Pfeiffer wrote:
> Hi everyone,
> I'm addressing both the Plasma team and kde-devel because this issue affects
> Plasma as well as many applications, and Valentin as the current maintainer
> of KWallet as well as KSecretService, a potential replacement for it.
>
> KWallet plays a central role in Plasma and many KDE applications as the
> central password storage. However, it being very old and not having been
> actively developed for a long time, it has lots of problems, including:
>
> - It has weak security, as it does not restrict applications accessing it by
> default, and even when it does, it does so simply based on application name
> which allows any malicious process to impersonate an allowed one

This is basically because "Linux sucks" and no other solution different than
kwallet can do it better unless you go to a "full lockdown" mode of who and
how you can start applications (i.e. like on the Ubuntu Phone only upstart can
start applications).

Yes, it is unfortunate but it has to do with the fact that we don't control
the OS we run on.

Cheers,
Albert
More information about the Plasma-devel
mailing list