On 10.4.2014 12:21, Carsten Haitzler wrote:
> weston (or the display server) can just remote control your pim app,
> monitor all keyboard input for passwords and more and just control the
> app to export the data one way or another. it has to be assumed that
> something like a displayserver etc. is already privileged as everything
> you see and all you input goes through it.

At least from the gSSO perspective, the display server only has a narrow time window when it can capture the input. After that point it cannot access the data unless it can impersonate its kernel process as being some other process. And it may not be sufficient anyway, like entering a PIN code for a smart card, since the display server process wouldn't be allowed to have access to the smart card.

This is because in typical cases applications cannot retrieve the stored data, only ask for operations to be performed using the stored data, and this is still subject to per-process access control enforced on the IPC.

Think of this as similar to popping up pinentry (used by gpg) and then performing a write to a write-only database. Or similar to fusing properties to hardware. The only attack surface is at the point of performing the write.

But an email application shouldn't be able to read your PayPal password, should it?

_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev
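
A minimal model of the write-only store with per-caller access control described in the message above, added here as an illustration; it is not gSSO code or its API, and the class, method and caller names are hypothetical. The `caller` argument is assumed to be an identity the IPC layer has already verified.

```python
import hashlib
import hmac
import secrets


class WriteOnlyStore:
    """Model of a credential daemon: secrets go in, only operation results come out.

    In a real deployment the process boundary keeps _secrets out of reach;
    here the absence of any read method stands in for that boundary.
    """

    def __init__(self):
        self._secrets = {}  # name -> bytes, never returned to a caller
        self._acl = {}      # name -> identities allowed to request operations

    def store(self, name, secret, allowed_callers):
        # The only moment the plaintext crosses the boundary: the write itself.
        if name in self._secrets:
            raise PermissionError(f"{name} already stored; no overwrite in this model")
        self._secrets[name] = bytes(secret)
        self._acl[name] = frozenset(allowed_callers)

    def respond(self, caller, name, challenge):
        # `caller` is assumed to be an identity verified by the IPC layer,
        # not a value the client claims about itself.
        if caller not in self._acl.get(name, frozenset()):
            raise PermissionError(f"{caller} may not use {name}")
        return hmac.new(self._secrets[name], challenge, hashlib.sha256).digest()


def demo():
    """Return, per caller, whether it obtained a valid response (None = denied)."""
    password = b"constructed-paypal-password"  # constructed sample value
    store = WriteOnlyStore()
    store.store("paypal", password, {"browser"})
    challenge = secrets.token_bytes(16)
    expected = hmac.new(password, challenge, hashlib.sha256).digest()
    outcome = {}
    for caller in ("browser", "email", "display-server"):
        try:
            tag = store.respond(caller, "paypal", challenge)
            outcome[caller] = hmac.compare_digest(tag, expected)
        except PermissionError:
            outcome[caller] = None
    return outcome


if __name__ == "__main__":
    print(demo())
```

Only the allowed caller gets a usable response, and even that caller receives the result of an operation on the secret rather than the secret itself.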
