jussi.laako at linux.intel.com
Thu Apr 10 10:08:08 GMT 2014
On 10.4.2014 12:21, Carsten Haitzler wrote:
> weston (or the display server) can just remote control your pim app,
> monitor all keyboard input for passwords and more and just control the
> app to export the data one way or another. it has to be assumed that
> something like a displayserver etc. is already privileged as everything
> you see and all you input goes through it.
At least from the gSSO perspective, the display server only has a narrow
time window when it can capture the input. After that point it cannot
access the data unless it can impersonate its kernel process as being
some other process. And it may not be sufficient anyway, like entering a
PIN code for a smart card, since the display server process wouldn't be
allowed to have access to the smart card.

This is because in typical cases applications cannot retrieve the stored
data, only ask operations to be performed using the stored data, and this
is still subject to per-process access control enforced on the IPC.

Think of this as similar to popping up pinentry (used by gpg) and then
performing a write to a write-only database. Or similar to fusing
properties to hardware. The only attack surface is at the point of
performing the write.

But email application shouldn't be able to read your PayPal password,
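
The write-only model described in this message, as an added sketch that is not part of the original post and is not gSSO code: a store that accepts a secret once and afterwards only performs an operation with it for callers on a per-credential access list. The class and method names, the caller paths and the HMAC challenge-response operation are assumptions chosen for illustration; in a real service the caller identity would come from the IPC layer, not from an argument.

```python
import hashlib
import hmac


class AccessDenied(Exception):
    """The caller is not on the credential's access control list."""


class WriteOnlyStore:
    """Hypothetical store: secrets go in, only operation results come out.

    Inside one Python process this is only a model; the real boundary is
    a separate daemon process that applications reach over IPC.
    """

    def __init__(self):
        self.__secrets = {}  # name -> (secret bytes, allowed caller ids)

    def store(self, name, secret, allowed_callers):
        # The single point where the secret crosses the boundary.
        self.__secrets[name] = (bytes(secret), frozenset(allowed_callers))

    def respond(self, caller, name, challenge):
        # `caller` stands in for the peer identity verified on the IPC.
        secret, acl = self.__secrets[name]
        if caller not in acl:
            raise AccessDenied(f"{caller} may not use {name}")
        # The result is derived from the secret; the secret is not returned.
        return hmac.new(secret, challenge, hashlib.sha256).digest()


def demo():
    """Run three constructed callers against one constructed credential."""
    store = WriteOnlyStore()
    store.store("paypal", b"constructed-secret", {"/usr/bin/browser"})
    outcome = {}
    for caller in ("/usr/bin/browser", "/usr/bin/email", "/usr/bin/weston"):
        try:
            store.respond(caller, "paypal", b"constructed-nonce")
            outcome[caller] = "allowed"
        except AccessDenied:
            outcome[caller] = "denied"
    return outcome


if __name__ == "__main__":
    for caller, result in demo().items():
        print(f"{caller}: {result}")
```
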