[Dev] Cynara

Jussi Laako jussi.laako at linux.intel.com
Thu Apr 10 10:08:08 GMT 2014


On 10.4.2014 12:21, Carsten Haitzler wrote:
> weston (or the display server) can just remote control your pim app,
> monitor all keyboard input for passwords and more and just control the
> app to export the data one way or another. it has to be assumed that
> something like a displayserver etc. is already priveleged as everything
> you see and all you input goes through it.

At least from gSSO perspective, display server only has narrow time 
window when it can capture the input. After that point it cannot access 
the data unless it can impersonate it's kernel process as being some 
other process. And it may not be sufficient anyway like entering PIN 
code for smart card, since display server process wouldn't be allowed 
have access to the smart card.

This because in typical cases applications cannot retrieve the stored 
data, only ask operations to be performed using the stored data and this 
is still subject to per-process access control enforced on the IPC.

Think this as similar to popping up pinentry (used by gpg) and then 
performing write to a write-only database. Or similar to fusing 
properties to hardware. Only attack surface it at the point of 
performing the write.

But email application shouldn't be able to read your PayPal password, 
should it?



More information about the Dev mailing list