On Saturday 22 September 2007 14:11:16 Kevin Kofler wrote:
> If you're trying to protect against someone with root privileges, that
> someone can easily plant a keylogger or something to get your passwords.

I agree.

> Otherwise, any attacker who can read the file also has access to your
> account somehow, so what's keeping them from using the regular
> gnome-keyring API from a process running as you to read all your passwords
> as soon as pam_keyring unlocks it for you? (Root can do that one too, by
> the way, as they can su to any account.)

With the configuration I chose, KWallet does not allow a connection to itself
without a confirmation, given from a popup on my screen (an idea that KDE had
before Microsoft Vista). So, even if the wallet has been opened with my
password, an attacker having access to my account needs at least to intercept
my connection to the X11 server. It is doable, but not as easy as copying a
file.

What is more, it prevents me from leaking very sensitive information with a
badly chosen recursive chmod.

-- 
Laurent Rineau
http://fedoraproject.org/wiki/LaurentRineau

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list