keyring primer? KDE?

Laurent Rineau laurent.rineau__fedora at normalesup.org
Sat Sep 22 14:29:32 UTC 2007


On Saturday 22 September 2007 14:11:16 Kevin Kofler wrote:
> If you're trying to protect against someone with root privileges, that
> someone can easily plant a keylogger or something to get your passwords.

I agree.

> Otherwise, any attacker who can read the file also has access to your
> account somehow, so what's keeping them from using the regular
> gnome-keyring API from a process running as you to read all your passwords
> as soon as pam_keyring unlocks it for you? (Root can do that one too, by
> the way, as they can su to any account.)

With the configuration I chose, KWallet does not allow a connection to itself 
without a confirmation, given from a popup on my screen (an idea that KDE had 
before Microsoft Vista). So, even if the wallet has been opened with my 
password, an attacker having access to my account needs at least to intercept 
my connection to the X11 server. It is doable, but not as easy as copying a 
file.

What is more, it prevents me from leaking very sensitive information with a 
badly chosen recursive chmod.

-- 
Laurent Rineau
http://fedoraproject.org/wiki/LaurentRineau



