[Bug 26306] MissionControl deliver clear text password through Account.Parameters

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Fri Jan 29 09:36:44 CET 2010


http://bugs.freedesktop.org/show_bug.cgi?id=26306


Will Thompson <will.thompson at collabora.co.uk> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |NOTABUG




--- Comment #1 from Will Thompson <will.thompson at collabora.co.uk>  2010-01-29 00:36:43 PST ---
As we discussed on IRC, this isn't a “severe security issue” on any normal
system:

• if an application can access the session bus;
• then it is running as the same user as the keyring;
• so it can ptrace the keyring or the connection manager and find out your
password anyway.

The spec. work being done to allow non-CM processes to respond to
authentication challenges will allow the password not to be passed around like
this, and even not to be stored (instead requiring the user to type it in at
login), as side-effects of being able to use Kerberos etc.


-- 
Configure bugmail: http://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.


More information about the telepathy-bugs mailing list