
List:       kde-bugs-dist
Subject:    [Bug 78505] wallets require a password
From:       Kamil Neczaj <kneczaj () gmail ! com>
Date:       2008-09-19 0:52:51
Message-ID: 20080919005251.81A1B12D70 () immanuel ! kde ! org

http://bugs.kde.org/show_bug.cgi?id=78505


Kamil Neczaj kneczaj gmail com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kneczaj@gmail.com




--- Comment #58 from Kamil Neczaj <kneczaj gmail com>  2008-09-19 02:52:46 ---
I'm also in favour of pam. There are applications in kde such as kopete, kmail,
and, as someone said, knetworkmanager; all of them require kwallet to be opened.
Let's assume that the user uses only kde applications. He starts KDE; after a
while Kopete or KNetworkManager wants to open kwallet. These applications are
running through the whole KDE session so the wallet is always open. Now, the
user must type two passwords (or even one but two times). He is really irritated
because if he used pidgin or psi instead of kopete he wouldn't type the password
a second time. The same with KNetworkManager: if he didn't use it and
manually configured his network, he wouldn't have to type the password twice.
So the user always has kwallet open. Isn't it insecure? I really wouldn't care
whether kwallet is open or not. The kwallet should be secure even when it is
open. I'd rather care that one application has access to the passwords of
others. The user really shouldn't be able to read passwords from kwallet using
"Wallet Manager". Every application should have its own wallet and have
permissions only to this one. KWallet simply shouldn't inform applications about
passwords which aren't in their wallets. For example, if an application is
called "kopete" it can only use the "kopete" wallet.
At this point the problem emerges of applications prepared to steal passwords
which simply imitate the proper ones. It can also be solved, by naming wallets
with the full path to the application. The applications in system directories
cannot be replaced by others because that needs root access.

Example:
1. Kopete tries to read our password from kwallet.
2. The kwallet checks kopete's executable file name and the path to it.
3. Kwallet finds that the file /usr/bin/kopete is trying to read a password
from its wallet.
4. It allows /usr/bin/kopete access only to the "/usr/bin/kopete" wallet.

Wallet Manager shouldn't provide functions to read all passwords from one
place!!! Now, using Wallet Manager, even a beginner can easily read all
passwords when kwallet is open!!!

I also have two questions about the kwallet subsystem:
1. An open kwallet stores unencrypted passwords in RAM, right?
2. So is it true that an advanced user using proper software can read the
passwords directly from memory if kwallet is running with the privileges of the
same user?

If the answers to the above questions are "yes", maybe it is better to run
kwallet as a daemon with root privileges. The common user doesn't have
privileges to read memory reserved by programs run by root so he cannot read
even the unencrypted passwords. If the solution with a daemon is the most
secure, the wallets should be named according to the scheme:
"/usr/bin/kopete:1001", where 1001 is the UID of the user whose passwords are
stored in the wallet.


-- 
Configure bugmail: http://bugs.kde.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
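
The path-and-UID wallet naming proposed in comment #58, worked through as an added example; it is not KWallet code and not part of the original message. The function names, the stat_fn hook and the rule "every path component is root-owned and not group/other-writable" are assumptions used to make "cannot be replaced without root access" checkable.

```python
import os
import stat
from pathlib import Path

TRUSTED_OWNER = 0  # root


def caller_exe(pid):
    """Step 2: resolve the requesting process's executable (Linux /proc)."""
    return os.path.realpath(f"/proc/{pid}/exe")


def replaceable_by_user(exe, stat_fn=os.stat):
    """Return the first path component a non-root user could swap, else None.

    The file and every ancestor directory must be owned by root and must
    not be writable by group or others. Expects an already resolved path.
    """
    path = Path(exe)
    if not path.is_absolute():
        return str(path)  # a relative name proves nothing about location
    for component in [path, *path.parents]:
        st = stat_fn(component)
        writable = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
        if st.st_uid != TRUSTED_OWNER or writable:
            return str(component)
    return None


def wallet_for(exe, uid, stat_fn=os.stat):
    """Steps 3-4: map a caller to the only wallet it may open."""
    weak = replaceable_by_user(exe, stat_fn)
    if weak is not None:
        raise PermissionError(f"{exe}: {weak} is not root-only writable")
    return f"{exe}:{uid}"  # e.g. "/usr/bin/kopete:1001"


if __name__ == "__main__":
    # Ask which wallet this interpreter itself would be allowed to open.
    me = caller_exe(os.getpid())
    try:
        print(wallet_for(me, os.getuid()))
    except PermissionError as err:
        print("refused:", err)
```

The check covers replacement of the binary on disk only; it says nothing about what is loaded into the running process.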