Re: GNOME keyring unlocking

From: Simon McVittie <simon mcvittie collabora co uk>
To: desktop-devel-list gnome org
Subject: Re: GNOME keyring unlocking
Date: Thu, 10 Oct 2013 19:01:42 +0100

On 10/10/13 18:12, p10 wrote:

That's my current "security setup" - a user account that I use for
everything , and 'su' into root with a password I don't keep stored
anywhere


If you type your root password into a gnome-terminal running with user
privileges, a shell running with user privileges, etc., then your user
account is root-equivalent to a determined attacker (for instance, other
user processes could ptrace the gnome-terminal or shell, or put a
keylogging 'su' wrapper in the $PATH).

If you want real privilege separation, you'll need to log in as root (or
as a separate administrative account) via something more privileged than
your user account (e.g. gdm, or getty(8)/login(1) on a text-mode virtual
console).

if a root service unlocks
the key-ring for all the user-space programs - there's no point in
having the system in the first place . So that is a problem that if I'm
not mistaken stands with the current setup too - if you unlock the
keyring every user-space app can access the stored passwords .


gnome-keyring does not protect you from your own user session. Security
is meaningless without a security model, and gnome-keyring's security
model is <https://wiki.gnome.org/GnomeKeyring/SecurityPhilosophy>.

When applications within a user session can be protected from each
other, it will make sense to develop a new security model. I don't think
we're there yet.

    S

Follow-Ups:
- Re: GNOME keyring unlocking
  - From: p10

References:
- GNOME keyring unlocking
  - From: p10
- Re: GNOME keyring unlocking
  - From: Sam Bull
- Re: GNOME keyring unlocking
  - From: p10

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]