Re: Current network-password-saving feature needs improvement.



On Mon, 2002-07-22 at 17.34, Hema Seetharamaiah wrote:
> Hi,

Hi!

Sorry for being a little late on replying. Been on vacation.

> Jon Svendsen wrote:
> > 
> > On Fri, 2002-07-19 at 18:02, desktop-devel-list-request gnome org wrote:
> > >       Please stop this guff. Root can do anything; they can snapshot all the
> > > core memory, swap - if they're lucky fire up a debugger, and invoke the
> > > "trivial_demangle_password" method, on whatever piece of memory it's
> > > stored in.
> > 
> > These things all require time, devotion and skill to do. Retrieving the
> > gconf-stored password of _every_ user on the system is trivially
> > scriptable, an attacker would only need a very small window of time to
> > acquire passwords for a potentially very large number of mail and proxy
> > accounts.
> > 
> > I agree in principle to the notion that if you don't trust root,
> > stay away from the system. root is the lizard king, he can do anything.
> > But one should remember that in a few unfortunate cases, root might
> > happen to be a 14-year old with some neat scripts and too much spare
> > time. Getting hold of sensitive information should not be trivial.
> 
> Yes, I agree that getting hold of sensitive information should not be
> trivial. IMO, the feature to prompt once-per-session for http password
> is also useful to have so that the user gets a choice to not save to
> disk.
> 
> Overall, there seems to be a consensus that some encryption for the
> saved network password is necessary. 
> 
> I would also like some inputs on what folks think about the
> once-per-session-prompting for password. 
> 
> With this feature, a user need not set up a password in the network proxy
> capplet. 
> 
> Later, when she connects the first time to the proxy, via nautilus,
> gweather or stockticker, she is prompted for the password and this is used
> for the rest of the session and used across the applications. It is then
> discarded at the end of the session.

In Mac OS X (and probably earlier versions of Mac OS) they have a
keychain manager. In this you can store all your passwords for various
services. You can protect these keys by a password (or have them
unlocked when you login).

I started hacking some on such a daemon before going away but I haven't
gotten that far yet. What it was supposed to be is:

* A common API that all applications needing to store username/password
  could use. A 

* A daemon that knows which keychains (if you have multiple) are unlocked
  and which programs can access which keys. (Not sure if this should be 
  its own daemon or if it should be inside gnome-session or whatnot).

You can read about the Mac OS X keychain manager at:
http://developer.apple.com/techpubs/macosx/Carbon/securityservices/keychainmanager/ImplementServ_KeyChain/index.html

As of yet I've just started hacking on the daemon and the API, if anyone
is interested in helping out here, please send me a mail.

Regards,
  Mikael Hallendal

-- 
Mikael Hallendal                micke codefactory se
CodeFactory AB                  http://www.codefactory.se/
Office: +46 (0)8 587 583 05     Cell: +46 (0)709 718 918
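
Added example, not part of the original message and not code from the daemon it mentions: a minimal in-memory Python model of the design discussed in this thread, where a daemon tracks which keychains are unlocked, decides which programs may read which keys, prompts once per session, and discards the password at session end. The class and method names, the ACL layout, and the already-verified `app` identity are assumptions made for illustration.

```python
import hashlib, hmac, os
from typing import Callable, Dict, Set

class AccessDenied(Exception):
    pass

class Keychain:
    def __init__(self, passphrase: str, acl: Dict[str, Set[str]]):
        self.salt = os.urandom(16)
        self.verifier = self.derive(passphrase)  # only a salted hash is kept
        self.acl = acl                           # service -> programs allowed to read it
        self.unlocked = False
        self.secrets: Dict[str, str] = {}        # held in memory only, never on disk

    def derive(self, passphrase: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), self.salt, 100_000)

class KeychainDaemon:
    def __init__(self, prompt: Callable[[str], str]):
        self.prompt = prompt                     # asks the user for a service's password
        self.chains: Dict[str, Keychain] = {}

    def add_keychain(self, name: str, passphrase: str, acl: Dict[str, Set[str]]) -> None:
        self.chains[name] = Keychain(passphrase, acl)

    def unlock(self, name: str, passphrase: str) -> bool:
        kc = self.chains[name]
        kc.unlocked = hmac.compare_digest(kc.derive(passphrase), kc.verifier)
        return kc.unlocked

    def get_password(self, name: str, service: str, app: str) -> str:
        # Assumption: `app` is an identity the daemon has already verified.
        kc = self.chains[name]
        if not kc.unlocked:
            raise AccessDenied(f"keychain {name!r} is locked")
        if app not in kc.acl.get(service, set()):
            raise AccessDenied(f"{app!r} may not read {service!r}")
        if service not in kc.secrets:            # first use this session: prompt once
            kc.secrets[service] = self.prompt(service)
        return kc.secrets[service]

    def end_session(self) -> None:
        for kc in self.chains.values():          # discard everything at logout
            kc.secrets.clear()
            kc.unlocked = False

if __name__ == "__main__":
    d = KeychainDaemon(lambda service: "constructed-password")  # constructed sample values
    d.add_keychain("login", "constructed-passphrase", {"http-proxy": {"nautilus", "gweather"}})
    d.unlock("login", "constructed-passphrase")
    print(d.get_password("login", "http-proxy", "gweather"))
```

Clearing the dictionary only drops the references; Python does not overwrite the string's memory, so a real daemon would need a buffer type it can wipe.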



