Re: keyring primer? KDE?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Saturday 22 September 2007 14:11:16 Kevin Kofler wrote:
> If you're trying to protect against someone with root privileges, that
> someone can easily plant a keylogger or something to get your passwords.

I agree.

> Otherwise, any attacker who can read the file also has access to your
> account somehow, so what's keeping them from using the regular
> gnome-keyring API from a process running as you to read all your passwords
> as soon as pam_keyring unlocks it for you? (Root can do that one too, by
> the way, as they can su to any account.)

With the configuration I chose, KWallet does not allow a connection to itself 
without a confirmation, given from a popup on my screen (an idea that KDE had 
before Microsoft Vista). So, even if the wallet has been opened with my 
password, an attacker having access to my account needs at least to intercept 
my connection to the X11 server. It is doable, but not as easy as copying a 
file.

What is more, it prevents me from leaking very sensitive information with a 
badly chosen recursive chmod.

-- 
Laurent Rineau
http://fedoraproject.org/wiki/LaurentRineau

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux