On Thu, Jan 28, 2016 at 3:30 PM George Barrett <bob bob131 so> wrote:
[snip]
As far as such things being within gnome-keyring's purview, there are
pages on the (still outdated) wiki specifically stating that these are
out of scope[4][5].
[snip]
Thanks for the links. They were helpful. I didn't see anything specifically stating those things are "out of scope"... just that they might depend on changes elsewhere to be properly hardened (vs. "security theater").
To give context, reference [5] highlights my primary concern when it says "Passwords in an unlocked keyring being read by a malicious application that is running on the user's desktop."
The gpg-agent provided by seahorse-plugins in the past used to mitigate this somewhat, by notifying upon cache access, and by providing a cache timeout, and approval option. So, to some extent, I think the recent feature set has taken a step back from that user interactivity. I'd like to see those kinds of features reintroduced, but applied to all credentials, not just cached GPG keys.
I have no illusions that such features would provide perfect security, but I think they could go a long way towards mitigating the risk of "Passwords in an unlocked keyring being read by a malicious application that is running on the user's desktop", especially when the default in most (if not all) distros is to typically leave a logon keyring in an unlocked state.
[5]: https://wiki.gnome.org/Projects/GnomeKeyring/SecurityFAQ#What_types_of_attacks_are_still_possible.3F
[snip]