On Wed, 07 Jul 2010 17:37:11 -0400, Leonard Richardson <[email protected]> wrote:
> A client like Quickly would need to ask for, and be granted,
> WRITE_SECURITY_SENSITIVE to function properly.

Well, it could request the extra permission as needed, with an automatically expiring token, leaving it with just WRITE_PUBLIC for the majority of the time. It still gets the extra permissions, but a dangerous token isn't alive for too long.

I don't even have to get you to grant WRITE_SECURITY_SENSITIVE to my app to exploit the new facilities, given the current way these things are handled. I can write some code that simply reads the token from ~/.launchpadlib/credentials/quickly and attempts to use it to add a new GPG key if you are in ~ubuntu-core-dev, and so gets a secret key that can sign packages that can end up on millions of machines.

A very targeted attack like that would be hard to prevent, because there is clearly a lot of desire. However, as one of the people that could be exploited in this manner I am wary of anything that makes it possible.

Thanks,

James

_______________________________________________
Mailing list: https://launchpad.net/~launchpad-dev
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~launchpad-dev
More help   : https://help.launchpad.net/ListHelp
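
The short-lived elevation suggested in the message above, modelled as an added example (not part of the original message and not Launchpad's code). The `TokenAuthority` class, the numeric ordering of the two access levels and the 300-second lifetime are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass
from typing import Optional

# Access level names come from the thread; their ordering is an assumption.
LEVELS = {"WRITE_PUBLIC": 1, "WRITE_SECURITY_SENSITIVE": 2}


@dataclass(frozen=True)
class Token:
    value: str
    level: str
    expires_at: Optional[float]  # None models a long-lived token kept on disk


class TokenAuthority:
    """Hypothetical server-side issuer and checker of access tokens."""

    def __init__(self):
        self._issued = {}

    def issue(self, level, now, ttl=None):
        expiry = None if ttl is None else now + ttl
        tok = Token(secrets.token_hex(16), level, expiry)
        self._issued[tok.value] = tok
        return tok

    def authorize(self, value, required, now):
        tok = self._issued.get(value)
        if tok is None:
            return (False, "unknown token")
        if tok.expires_at is not None and now >= tok.expires_at:
            del self._issued[value]  # an expired token is revoked for good
            return (False, "expired")
        if LEVELS[tok.level] < LEVELS[required]:
            return (False, "insufficient level")
        return (True, "ok")


def demo():
    auth = TokenAuthority()
    t0 = 1_000_000.0  # constructed clock value, in seconds
    stored = auth.issue("WRITE_PUBLIC", t0)  # the token a client persists
    elevated = auth.issue("WRITE_SECURITY_SENSITIVE", t0, ttl=300)  # in memory only
    need = "WRITE_SECURITY_SENSITIVE"
    return {
        "stored_public": auth.authorize(stored.value, "WRITE_PUBLIC", t0 + 86400),
        "stored_sensitive": auth.authorize(stored.value, need, t0 + 86400),
        "elevated_fresh": auth.authorize(elevated.value, need, t0 + 60),
        "elevated_stale": auth.authorize(elevated.value, need, t0 + 301),
    }
```

In this model the token that sits in the credentials file never carries the sensitive level, so a copy of that file cannot authorize a key change, and the elevated token stops working once its lifetime ends.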

