[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-devel
Subject: Re: KLineEdit Security
From: Thomas =?iso-8859-15?q?L=FCbking?= <thomas.luebking () web ! de>
Date: 2009-05-21 17:18:15
Message-ID: 200905211918.16303.thomas.luebking () web ! de
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Am Thursday 21 May 2009 schrieb Martin T. Sandsmark:
> On Thursday 21. May 2009 18:46:02 Thomas Lübking wrote:
> > The (only really hard and) proper solution to this is btw. an encrypted
> > keyboard -> app chain, but there're few keyboards that can encrypt
> > strokes (and i don't even know whether X11 supports such at all, so you'd
> > have to bring your own keyboard driver)
>
> That won't help either if someone can run stuff as the user, as it is just
> a matter of setting LD_PRELOAD to something nasty.
the key event is encrypted (from the keyboard HW).
- you /can/ bring your own lib inbetween.
- you can capture the (encrypted) event.
... you just can't make any use of it w/o knowing the secret part of the key -
which is (runtime generated and better) kept in some scrambled memory portion
of the application (so your lib doesn't know where to search it, even iff it
could rely on a particular binary) which of course linked in the crucial
functions statically.
the way to get around this was to bring a compromised app (what can be fought
by hashes but of course remains a problem - that's why it must be run by a
full path command, what requires a harder system setup... i'm entirely NOT
talking about kinda Ubuntu by this. and preloading libraries - esp. on some
user env - is of course ruled out on such systems in the first place ;-)
conclusion: security is not a state, it's a fight.
> You can't trust a compromised account, period.
no, that's why you should prevent it, but the more stones you can place in the
way, the better (by trading convenience, of course)
> >> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to
> >> unsubscribe <<
[Attachment #5 (text/html)]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" \
"http://www.w3.org/TR/REC-html40/strict.dtd"><html><head><meta name="qrichtext" \
content="1" /><style type="text/css">p, li { white-space: pre-wrap; \
}</style></head><body style=" font-family:'Segoe'; font-size:10pt; font-weight:400; \
font-style:normal;">Am Thursday 21 May 2009 schrieb Martin T. Sandsmark:<br> > On \
Thursday 21. May 2009 18:46:02 Thomas Lübking wrote:<br> > > The (only really \
hard and) proper solution to this is btw. an encrypted<br> > > keyboard -> \
app chain, but there're few keyboards that can encrypt<br> > > strokes (and i \
don't even know whether X11 supports such at all, so you'd<br> > > have to \
bring your own keyboard driver)<br> ><br>
> That won't help either if someone can run stuff as the user, as it is just<br>
> a matter of setting LD_PRELOAD to something nasty.<br>
the key event is encrypted (from the keyboard HW).<br>
- you /can/ bring your own lib inbetween. <br>
- you can capture the (encrypted) event.<br>
... you just can't make any use of it w/o knowing the secret part of the key - which \
is (runtime generated and better) kept in some scrambled memory portion of the \
application (so your lib doesn't know where to search it, even iff it could rely on a \
particular binary) which of course linked in the crucial functions statically.<br> <p \
style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; \
margin-right:0px; -qt-block-indent:0; text-indent:0px; -qt-user-state:0;"><br></p>the \
way to get around this was to bring a compromised app (what can be fought by hashes \
but of course remains a problem - that's why it must be run by a full path command, \
what requires a harder system setup... i'm entirely NOT talking about kinda Ubuntu by \
this. and preloading libraries - esp. on some user env - is of course ruled out on \
such systems in the first place ;-)<br> <p style="-qt-paragraph-type:empty; \
margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; \
-qt-block-indent:0; text-indent:0px; -qt-user-state:0;"><br></p>conclusion: security \
is not a state, it's a fight.<br> <p style="-qt-paragraph-type:empty; margin-top:0px; \
margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; \
text-indent:0px; -qt-user-state:0;"><br></p>> You can't trust a compromised \
account, period.<br> no, that's why you should prevent it, but the more stones you \
can place in the way, the better (by trading convenience, of course)<br> <p \
style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; \
margin-right:0px; -qt-block-indent:0; text-indent:0px; \
-qt-user-state:0;"><br></p>> >> Visit \
http://mail.kde.org/mailman/listinfo/kde-devel#unsub to<br> > >> unsubscribe \
<<<br> <p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; \
margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; \
-qt-user-state:0;"><br></p><p style="-qt-paragraph-type:empty; margin-top:0px; \
margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; \
text-indent:0px; -qt-user-state:0;"><br></p></body></html>
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic