Re: password managers

To: debian-security@lists.debian.org
Cc: Alberto Gonzalez Iniesta <agi@agi.as>
Subject: Re: password managers
From: Russell Coker <russell@coker.com.au>
Date: Wed, 16 Jun 2004 14:00:57 +1000
Message-id: <[🔎] 200406161400.57105.russell@coker.com.au>
Reply-to: russell@coker.com.au
In-reply-to: <[🔎] 20040615084656.GA1212@var.inittab.org>
References: <[🔎] 20040614185614.GA3126@naranek.org> <[🔎] 20040614224613.GA2876@cargal.org> <[🔎] 20040615084656.GA1212@var.inittab.org>

On Tue, 15 Jun 2004 18:46, Alberto Gonzalez Iniesta <agi@agi.as> wrote:
> Some of the applications I run use kwallet, that seems similar to what
> Russell Cooker described for OS X.

No.  kwallet can be ptraced, this allows a hostile program to get access to 
all it's data with ease.

Of course in OS/X I expect that you could fool the password manager somehow to 
get access.  But at least they stop ptrace.

Also kwallet seems to have no features for restricting access to data.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to:

References:
- password managers
  - From: andrew lattis <debian@naranek.org>
- Re: password managers
  - From: Stephan Dietl <webmaster@cargal.org>
- Re: password managers
  - From: Alberto Gonzalez Iniesta <agi@agi.as>

Prev by Date: Re: Advice needed, trying to find the vulnerable code on Debian webserver.
Next by Date: Re: Hashcash - was re: Spam fights
Previous by thread: Re: password managers
Next by thread: Re: password managers
Index(es):
- Date
- Thread