[Bug 26306] MissionControl deliver clear text password through Account.Parameters
bugzilla-daemon at freedesktop.org
bugzilla-daemon at freedesktop.org
Fri Jan 29 14:59:30 CET 2010
http://bugs.freedesktop.org/show_bug.cgi?id=26306
Nicolas Dufresne <nicolas.dufresne at collabora.co.uk> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|NOTABUG |
--- Comment #2 from Nicolas Dufresne <nicolas.dufresne at collabora.co.uk> 2010-01-29 05:59:29 PST ---
You are mixing thread here. We spoke on IRC about real-time sniffing of
communication between MC and CMs at login and Client and MC on account
management. While this should (I hope) be protected it's not the subject of
this bug.
The BUG is there because the TP spec for account bypass the keyring. MC obtain
right to read password in the keyring and allow (without user being informed)
all other processes to obtain them.
The goal of the keyring is to make sure that a process won't have access to a
password without user authorization. The TP Spec for account is in complete
opposite of this and thus TP Spec is security broken, no matter what opinion
you have on security.
This bug may not be fixed in short term, but an archive of it is really
important. It's a matter of month before respectable distros like RedHat or
Suse reject our software because of that.
--
Configure bugmail: http://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the telepathy-bugs
mailing list