On Sun, Mar 10, 2019 at 08:20:58PM +0100, Oliver Runge wrote:
> On Sun, 10 Mar 2019 at 20:01, Oswald Buddenhagen <oswald.buddenha...@gmx.de>
> wrote:
> > in principle it would be possible to do just that with a custom
> > mbsync-keychain-client tool.
>
> Yes, I considered that initially. But if I wanted to do a proper
> solution, then I'd need to look at the content of the binary of the
> parent process, store that somewhere in a secure manner (or hardcode
> it in), to avoid someone just running an imposter parent. And once
> any parent tool is updated the tool would need updating as well, I'd
> have to implement a lot of what Keychain already does well.
>
no need to go overboard like that. just establish that the calling process is in the same directory as the helper. that guarantees that whoever installed it had the permissions to install both (for any location a user that can be still helped would approve in the keychain confirmation dialog).
note that all this stuff makes no sense whatsoever on a "regular" unix/linux system, as it all runs in the context of the same user. but i suppose that with properly set up apparmor/selinux/whatever the execution contexts might be sufficiently isolated for this to actually improve security.

on an unrelated note, it occurred to me that i don't like the automatic fallback you implemented - many users script the invocation, so you want it to fail hard if the configuration doesn't work (anymore), rather than suddenly asking for a password.

_______________________________________________
isync-devel mailing list
isync-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/isync-devel