On Sat, 25 Feb 2012, Dimitris Glynos wrote:

I was wondering if pidgin could allow for certain chat types
to be flagged as private and not transmit these over dbus.
I don't know how much dbus is hardwired to pidgin (is it used
also for capturing the messages displayed on the pidgin GUI?)
but the fact that a local attacker can access OTR plaintext
from a dbus session monitor is quite unnerving.

A local attacker can already ptrace the pidgin process and do
pretty much anything.

Not necessarily. For instance with SELinux or AppArmor you can
take that ability away from the process.

Coming back to this after a while. You may now find an advisory
and a proof-of-concept script for the DBUS info leak here:


This issue has received CVE-2012-1257.

It would be good to see this issue addressed in the next release
of pidgin and pidgin-otr. Most users would be surprised to find
that their private chatting is somehow accessible to other apps.

I am still a bit confused how serious this issue really is. If you can
read as the uid of the user, you can already read the OTR keys from
disk. Now PFS will prevent decrypting, but whether you listen in on dbus
or the X11 channels doesn't really matter much. So I see value in
protecting the pidgin process from reading OTR materials outside
pidgin-otr, and hardening pidgin against network input, I see less value
in closing the dbus from the user for themselves.

OTR-dev mailing list