On Thu, Jan 28, 2016 at 2:37 PM Michael Catanzaro <mcatanz...@gnome.org>
wrote:

> On Thu, 2016-01-28 at 18:43 +0000, Christopher wrote:
> > I can't be the only one interested in finding out how to secure these
> > things in Fedora.
>
> Any application running as your user can read anything from your
> keyring (provided it is unlocked). This is not problematic because we
> don't have any application sandboxing yet, so apps can read all your
> personal files and do whatever they want with them. They're trusted by
> definition. Who cares if they can get your passwords too?
>
>
We should care. Passwords and other credentials are used beyond the local
machine, to authenticate to remote resources and remote entities. I care
much more about an app using my GPG code signing key to sign something and
distribute it on the Internet, or that it can log in to my bank account
with my password, than I do about an app completely screwing up my home
directory (to include wiping any encrypted credentials in my config files).

Corrupting local drives/configuration and getting access to unencrypted
private credentials are two very different security threats, which must be
treated differently. Just because some threats would still exist doesn't
mean we shouldn't attempt to mitigate those we know about. The previous
seahorse-plugins GPG caching was a good example... it provided a
notification when a key was cached, allowed you to set an expiration time
for the cache, and optionally required you to approve each cache access.
--
devel mailing list
devel@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
