Wait, are we talking about the potential for an attacker to:

1. Load a Trojan/Virus on their PC that allows remote access
2. ...Who the $^#% cares at that point?!

Once security has been breached at point #1, it doesn't matter. The PC is already impacted. Re-format, restart, reload, and change all of your security information, passwords, keys, etc. The private key is already vulnerable. Hell, -memory- is already vulnerable. Everything is in plaintext if you find the right memory location. There's no way to fix that, especially if the attacker has admin/root access. Everything is compromised. There's no point in trying to lock down the app for that sort of critical security failure.

"The best way to protect a server is to unplug the network cable, put it in a lock box, throw away the key, and bury it. Even then, there's still a small chance it might be compromised."

--
Brendan Byrd <byr...@insightcom.com>
System Integration Analyst (NOC Web Developer)

-----Original Message-----
From: otr-dev-boun...@lists.cypherpunks.ca [mailto:otr-dev-boun...@lists.cypherpunks.ca] On Behalf Of Dimitris Glynos
Sent: Saturday, February 25, 2012 11:20 AM
To: de...@pidgin.im
Cc: otr-dev@lists.cypherpunks.ca
Subject: Re: [OTR-dev] private messages on dbus

On 12/21/2011 02:49 AM, Dimitris Glynos wrote:
> On 12/21/2011 01:11 AM, k...@hxbc.us wrote:
>> On Tue, 20 Dec 2011 12:02:38 +0200, Dimitris Glynos wrote:
>>> Hello all,
>>>
>>> I was wondering if pidgin could allow for certain chat types to be
>>> flagged as private and not transmit these over dbus.
>>> I don't know how much dbus is hardwired to pidgin (is it used also
>>> for capturing the messages displayed on the pidgin GUI?) but the
>>> fact that a local attacker can access OTR plaintext from a dbus
>>> session monitor is quite unnerving.
>>
>> a local attacker can already ptrace the pidgin process and do pretty
>> much anything.
>
> Yes, the word 'local' is used incorrectly in the original post.
> Consider a remote attacker that exploits some app running in the same
> desktop session as pidgin. It is trivial to fork-exec a dbus session
> monitor from there and retrieve the sensitive info.
>
> Now, regarding ptrace, although it was generally possible in the past
> to attach to processes of the same user, this has been restricted
> somewhat in modern distros. Specifically, distros like Ubuntu allow
> (non-root) ptrace only to processes that are children of the
> ptrace-caller.
>
> For more info on this, have a look here:
> https://wiki.ubuntu.com/SecurityTeam/Roadmap/KernelHardening#ptrace_Protection
>
> Hope this clarifies things a bit,

Coming back to this after a while. You may now find an advisory and a proof-of-concept script for the DBUS info leak here:

http://census-labs.com/news/2012/02/25/pidgin-otr-info-leak/

This issue has received CVE-2012-1257.

It would be good to see this issue addressed in the next release of pidgin and pidgin-otr. Most users would be surprised to find that their private chatting is somehow accessible to other apps..

Best regards,

Dimitris

--
http://census-labs.com -- IT security research, development and services
_______________________________________________
OTR-dev mailing list
OTR-dev@lists.cypherpunks.ca
http://lists.cypherpunks.ca/mailman/listinfo/otr-dev