On Thu, Jan 28, 2016 at 3:30 PM George Barrett <b...@bob131.so> wrote: [snip]
> As far as such things being within gnome-keyring's purview, there are > pages on the (still outdated) wiki specifically stating that these are > out of scope[4][5]. > [snip] Thanks for the links. They were helpful. I didn't see anything specifically stating those things are "out of scope"... just that they might depend on changes elsewhere to be properly hardened (vs. "security theater"). To give context, reference [5] highlights my primary concern when it says "Passwords in an unlocked keyring being read by a malicious application that is running on the user's desktop. " The gpg-agent provided by seahorse-plugins in the past used to mitigate this somewhat, by notifying upon cache access, and by providing a cache timeout, and approval option. So, to some extent, I think the recent feature set has taken a step back from that user interactivity. I'd like to see those kinds of features reintroduced, but applied to all credentials, not just cached GPG keys. I have no illusions that such features would provide perfect security, but I think they could go a long way towards mitigating the risk of "Passwords in an unlocked keyring being read by a malicious application that is running on the user's desktop.", especially when the default is most (if not all distros) is to typically leave a logon keyring in an unlocked state. > [5]: > > https://wiki.gnome.org/Projects/GnomeKeyring/SecurityFAQ#What_types_of_attacks_are_still_possible.3F > > [snip]
_______________________________________________ gnome-keyring-list mailing list gnome-keyring-list@gnome.org https://mail.gnome.org/mailman/listinfo/gnome-keyring-list
