Dimitris Glynos wrote:
On 02/28/2012 12:43 AM, Paul Wouters wrote:
I am still a bit confused how serious this issue really is. If you can
read as the uid of the user, you can already read the OTR keys from
disk. Now PFS will prevent decrypting, but whether you listen in on dbus
or the X11 channels doesnt really matter much. So I see value in
protecting the pidgin process from reading OTR materials outside
pidgin-otr, and hardening pidgin against network input, I see less value
into closing the dbus from the user for themselves.

Paul the real problem here is broadcasting sensitive info
over DBUS. If the sender chooses not to log this info
so that they don't end up on the disk, there is no way
for pidgin to enforce the same security policy to the
3rd party (possibly unrelated) apps that sit on the
other end of DBUS. Such an app might accidentally log these
messages because it cannot qualify that they were meant to be

That sounds like a bug in the 3rd party code then, since pidgin marks its messages with PURPLE_MESSAGE_NO_LOG if they should not be logged, and the otr plugin will turn off conversation logging if the user chooses that.

  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
OTR-dev mailing list

Reply via email to