
List:       gnupg-devel
Subject:    Fwd: Pinentry makes it awfully easy to snoop all passwords entered by the user
From:       Niklas Schnelle <niklas.schnelle () gmail ! com>
Date:       2013-08-28 18:45:15
Message-ID: CADdntNvjkLva7z1dcE69vFFp6Uv4t7ZoLxyaeTH8wnF14mN_RA () mail ! gmail ! com



Just found this discussion about the same problem in ssh [1]. I do realize
that the root user accessing this info is not really a problem; it's trusted
anyway and can do much worse, including just reading your process memory.
However, it would be nice to have a way to disable tracing for normal users.
I mean, there isn't really any reason another process should be able to
watch your process's system calls, just like there are facilities to keep
the kernel from swapping certain RAM areas. Maybe we should bring this up
in the kernel community; things like AppArmor and SELinux already reduce what
processes can do. Somehow I feel like this should be a special capability.
This is actually quite a good reason why Android in general has a
better security model for today's day and age than normal desktop Linux:
there every process runs as a different user. I think the kernel folks even
limited access to some /proc files for exactly the same reason.

[1] https://plus.google.com/107770072576338242009/posts/ETqpKHLUEKr




_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-devel
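The message above asks for a way to keep other processes of the same user from tracing a password prompt. As an added example (not code from this thread, from pinentry or from GnuPG), the Linux program below shows the per-process opt-out that already exists: `prctl(PR_SET_DUMPABLE, 0)` makes a process attachable only by a tracer holding CAP_SYS_PTRACE (in practice root) and also closes /proc/<pid>/mem and friends to same-uid readers, while `mlock()` is the "keep it out of swap" facility the poster compares it to. The `secret` buffer and the forked helper that tries `PTRACE_ATTACH` are constructed for the demonstration; the attach result printed by `main` depends on the machine (the Yama `ptrace_scope` sysctl, present since Linux 3.4, may already refuse the first attempt).

```c
/* ptrace_optout.c - make a passphrase-prompting process non-attachable by
 * other processes of the same uid, and keep its secret buffer out of swap.
 * Linux only. Build: cc -Wall -o ptrace_optout ptrace_optout.c */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/prctl.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

/* Opt out of same-uid ptrace. With dumpable == 0 the kernel's
 * ptrace_may_access() check demands CAP_SYS_PTRACE, so an unprivileged
 * process of the same user can no longer attach, and /proc/<pid>/mem,
 * /proc/<pid>/environ etc. become owner-root. Returns 0 on success. */
int harden_against_ptrace(void)
{
    return prctl(PR_SET_DUMPABLE, 0, 0, 0, 0);
}

/* 1 while the process is attachable by its own uid, 0 after hardening. */
int is_dumpable(void)
{
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
}

/* Pin the secret so it is never paged out to swap (bounded by
 * RLIMIT_MEMLOCK; one page is within the usual default). */
int lock_secret(void *buf, size_t len)
{
    return mlock(buf, len);
}

/* Overwrite the secret; the volatile pointer stops the compiler from
 * dropping the stores as a dead write before the buffer goes away. */
void wipe_secret(void *buf, size_t len)
{
    volatile unsigned char *p = buf;
    while (len--)
        *p++ = 0;
}

/* Fork a helper of the same uid that tries to PTRACE_ATTACH to us, the
 * way a password-snooping "strace -p" would. Returns 0 if the attach
 * succeeded, the attach errno (EPERM once we are non-dumpable, or when
 * Yama forbids it) if it failed, or -1 on a setup error. */
int attach_attempt_errno(void)
{
    pid_t target = getpid();
    int fds[2];
    if (pipe(fds) != 0)
        return -1;
    pid_t child = fork();
    if (child < 0)
        return -1;
    if (child == 0) {
        close(fds[0]);
        int result = 0;
        if (ptrace(PTRACE_ATTACH, target, NULL, NULL) == 0) {
            waitpid(target, NULL, 0);               /* tracee stops on SIGSTOP */
            ptrace(PTRACE_DETACH, target, NULL, NULL);
        } else {
            result = errno;
        }
        if (write(fds[1], &result, sizeof result) != (ssize_t)sizeof result)
            _exit(1);
        _exit(0);
    }
    close(fds[1]);
    int result = -1;
    if (read(fds[0], &result, sizeof result) != (ssize_t)sizeof result)
        result = -1;
    close(fds[0]);
    waitpid(child, NULL, 0);
    return result;
}

int main(void)
{
    char secret[64];                 /* constructed stand-in for a pinentry buffer */
    printf("before: dumpable=%d same-uid attach errno=%d\n",
           is_dumpable(), attach_attempt_errno());
    if (harden_against_ptrace() != 0 || lock_secret(secret, sizeof secret) != 0) {
        perror("hardening failed");
        return 1;
    }
    /* ... read the passphrase into `secret` here ... */
    printf("after:  dumpable=%d same-uid attach errno=%d (EPERM=%d)\n",
           is_dumpable(), attach_attempt_errno(), EPERM);
    wipe_secret(secret, sizeof secret);
    return 0;
}
```

Two caveats the poster's message points at: this does nothing against root, which can attach regardless (and can read /proc/<pid>/mem anyway), and it is a per-process opt-in rather than the "special capability" the message wishes for; the closest system-wide equivalent is Yama's `kernel.yama.ptrace_scope` sysctl, which restricts attaching to descendants (1), to CAP_SYS_PTRACE holders (2), or forbids it entirely (3). Note that PR_SET_DUMPABLE also disables core dumps for the process, which for a passphrase prompt is the behaviour you want.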


