Passing sensitive data over D-Bus

Stef Walter stef-list at memberwebs.com
Tue Nov 10 09:45:19 PST 2009


Milan Bouchet-Valat wrote:
> In the system-tools-backends/gnome-system-tools, we have long been
> encrypting user passwords before sending them over the bus from the GUI
> to the privileged backends. But this raises several problems since we're
> forced to reimplement in the GUI a password-encryption mechanism that is
> not distribution-dependent, which can severely break things. So we'd
> like to send the clear-text password to the backends, letting the
> standard system tools or PAM itself do what should be done.

In gnome-keyring one of our goals is to keep passwords out of pageable
memory [1]. Not that this matters for all passwords, but it does matter
for some.

In the new Secret Service DBus API, we'll be using DH key agreement for
encrypting passwords as they pass through DBus, or between processes.

Thought you might be interested. Just one option...

Cheers,

Stef

[1] http://live.gnome.org/GnomeKeyring/SecurityPhilosophy
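
Added example, not part of the original message and not gnome-keyring's own code: one way a process on either end of the bus can hold a password in memory that is locked against paging, using POSIX mlock(). The names secret_buf, secret_alloc, secret_wipe and secret_free are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical type for this example: a page-aligned buffer for one secret. */
typedef struct {
    unsigned char *data; /* NULL if allocation failed */
    size_t len;          /* usable size, a whole number of pages */
    int locked;          /* 1 if mlock() succeeded, 0 if pages may be swapped */
} secret_buf;

/* Allocate whole pages so no unrelated heap data shares the locked range. */
secret_buf secret_alloc(size_t want)
{
    secret_buf b = { NULL, 0, 0 };
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0 || want == 0 || want > SIZE_MAX - (size_t)page)
        return b;
    size_t psz = (size_t)page;
    size_t len = (want + psz - 1) / psz * psz;  /* round up to page multiple */
    b.data = aligned_alloc(psz, len);
    if (b.data == NULL)
        return b;
    b.len = len;
    /* mlock() can fail when RLIMIT_MEMLOCK is too low; record the result so
       the caller can refuse to store a secret in swappable memory. */
    b.locked = (mlock(b.data, len) == 0);
    memset(b.data, 0, len);
    return b;
}

/* Zero through a volatile pointer so the compiler cannot drop the stores. */
void secret_wipe(secret_buf *b)
{
    volatile unsigned char *p = b->data;
    for (size_t i = 0; p != NULL && i < b->len; i++)
        p[i] = 0;
}

/* Wipe before unlocking: once unlocked, the pages are eligible for swap. */
void secret_free(secret_buf *b)
{
    if (b->data == NULL) return;
    secret_wipe(b);
    if (b->locked) munlock(b->data, b->len);
    free(b->data);
    b->data = NULL; b->len = 0; b->locked = 0;
}
```

Locking only protects this buffer: any copy made by a D-Bus library's marshalling code or a GUI text widget lives in ordinary pageable memory unless that code takes the same care.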


