[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: keyring primer? KDE?



On Saturday 22 September 2007 14:11:16 Kevin Kofler wrote:
> If you're trying to protect against someone with root privileges, that
> someone can easily plant a keylogger or something to get your passwords.

I agree.

> Otherwise, any attacker who can read the file also has access to your
> account somehow, so what's keeping them from using the regular
> gnome-keyring API from a process running as you to read all your passwords
> as soon as pam_keyring unlocks it for you? (Root can do that one too, by
> the way, as they can su to any account.)

With the configuration I chose, KWallet does not allow a connection to itself 
without a confirmation, given from a popup on my screen (an idea that KDE had 
before Microsoft Vista). So, even if the wallet has been opened with my 
password, an attacker having access to my account needs at least to intercept 
my connection to the X11 server. It is doable, but not as easy as copying a 
file.

What is more, it prevents me from leaking very sensitive information with a 
badly chosen recursive chmod.

-- 
Laurent Rineau
http://fedoraproject.org/wiki/LaurentRineau


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]