Re: [OTR-dev] private messages on dbus

2012-02-25 Thread Dimitris Glynos
On 12/21/2011 02:49 AM, Dimitris Glynos wrote:
> On 12/21/2011 01:11 AM, k...@hxbc.us wrote:
>> On Tue, 20 Dec 2011 12:02:38 +0200, Dimitris Glynos wrote:
>>> Hello all,
>>>
>>> I was wondering if pidgin could allow for certain chat types
>>> to be flagged as private and not transmit these over dbus.
>>> I don't know how much dbus is hardwired to pidgin (is it used
>>> also for capturing the messages displayed on the pidgin GUI?)
>>> but the fact that a local attacker can access OTR plaintext
>>> from a dbus session monitor is quite unnerving.
>>
>> a local attacker can already ptrace the pidgin process and do
>> pretty much anything.
>
> Yes, the word 'local' is used incorrectly in the original post.
> Consider a remote attacker that exploits some app running
> in the same desktop session as pidgin. It is trivial
> to fork-exec a dbus session monitor from there and retrieve the
> sensitive info.
>
> Now, regarding ptrace: although it was generally possible in
> the past to attach to processes of the same user, this has
> been restricted somewhat in modern distros. Specifically,
> distros like Ubuntu allow (non-root) ptrace only to
> processes that are children of the ptrace-caller.
>
> For more info on this, have a look here:
> https://wiki.ubuntu.com/SecurityTeam/Roadmap/KernelHardening#ptrace_Protection
>
> Hope this clarifies things a bit,

Coming back to this after a while. You may now find an advisory
and a proof-of-concept script for the DBUS info leak here:

http://census-labs.com/news/2012/02/25/pidgin-otr-info-leak/

This issue has received CVE-2012-1257.

It would be good to see this issue addressed in the next release
of pidgin and pidgin-otr. Most users would be surprised to find
that their private chatting is somehow accessible to other apps.

Best regards,

Dimitris
--
http://census-labs.com -- IT security research, development and services
___
OTR-dev mailing list
OTR-dev@lists.cypherpunks.ca
http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
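The mitigation proposed in the thread (flag certain conversations as private and keep them off the session bus) sketched as a small in-process model. This is an added example, not pidgin, libpurple or pidgin-otr code; Conversation, FakeSessionBus, MessageRouter and the "received-im-msg" payload layout are assumptions made for the illustration. Private conversations still reach the local GUI, but their plaintext never reaches the bus bridge, so a bus monitor running in the same desktop session has nothing to collect:

```python
"""Gate between IM events and the D-Bus session bus.

Added example, not pidgin/libpurple or pidgin-otr code. It models the
fix proposed on the list: conversations flagged private (e.g. OTR
sessions) still reach the in-process GUI, but their plaintext is never
handed to the bus bridge. Conversation, FakeSessionBus, MessageRouter
and the "received-im-msg" payload layout are assumptions.
"""
from dataclasses import dataclass, field


@dataclass
class Conversation:
    name: str
    private: bool = False            # True for OTR / sensitive chats


@dataclass
class FakeSessionBus:
    """Stand-in for the session bus: records what a monitor could observe."""
    signals: list = field(default_factory=list)

    def emit(self, signal: str, payload: dict) -> None:
        self.signals.append((signal, dict(payload)))


class MessageRouter:
    """Dispatches incoming IMs to the local UI and, if allowed, to the bus."""

    def __init__(self, bus: FakeSessionBus):
        self.bus = bus
        self.ui_log = []             # what the in-process GUI would display

    def received_im(self, conv: Conversation, sender: str, plaintext: str) -> bool:
        """Deliver a decrypted IM. Returns True if it was put on the bus."""
        self.ui_log.append((conv.name, sender, plaintext))
        if conv.private:
            # Private conversations are never exported over IPC.
            return False
        self.bus.emit("received-im-msg",
                      {"conversation": conv.name, "sender": sender,
                       "message": plaintext})
        return True


def bus_exposes(bus: FakeSessionBus, secret: str) -> bool:
    """Detection check: would a bus monitor have seen `secret` in any payload?"""
    return any(secret in str(v)
               for _, payload in bus.signals
               for v in payload.values())


def demo():
    """Constructed traffic: one private (OTR) chat and one ordinary chat."""
    bus = FakeSessionBus()
    router = MessageRouter(bus)
    otr_chat = Conversation("alice", private=True)
    plain_chat = Conversation("bob")
    router.received_im(otr_chat, "alice", "meeting moved to 3pm (OTR)")
    router.received_im(plain_chat, "bob", "lunch?")
    return router, bus


if __name__ == "__main__":
    router, bus = demo()
    print("GUI saw", len(router.ui_log), "messages; bus saw", len(bus.signals))
    print("OTR plaintext on bus:", bus_exposes(bus, "meeting moved"))
```

If external plugins rely on the signal for notification, the gate can emit a redacted event carrying only the conversation name instead of nothing at all; the important property, which `bus_exposes` checks, is that no decrypted text crosses the process boundary for a private conversation.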


Re: [OTR-dev] private messages on dbus

2011-12-20 Thread Dimitris Glynos
On 12/21/2011 01:11 AM, k...@hxbc.us wrote:
> On Tue, 20 Dec 2011 12:02:38 +0200, Dimitris Glynos wrote:
>> Hello all,
>>
>> I was wondering if pidgin could allow for certain chat types
>> to be flagged as private and not transmit these over dbus.
>> I don't know how much dbus is hardwired to pidgin (is it used
>> also for capturing the messages displayed on the pidgin GUI?)
>> but the fact that a local attacker can access OTR plaintext
>> from a dbus session monitor is quite unnerving.
>
> a local attacker can already ptrace the pidgin process and do
> pretty much anything.

Yes, the word 'local' is used incorrectly in the original post.
Consider a remote attacker that exploits some app running
in the same desktop session as pidgin. It is trivial
to fork-exec a dbus session monitor from there and retrieve the
sensitive info.

Now, regarding ptrace: although it was generally possible in
the past to attach to processes of the same user, this has
been restricted somewhat in modern distros. Specifically,
distros like Ubuntu allow (non-root) ptrace only to
processes that are children of the ptrace-caller.

For more info on this, have a look here:
https://wiki.ubuntu.com/SecurityTeam/Roadmap/KernelHardening#ptrace_Protection

Hope this clarifies things a bit,

Dimitris
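A host check for the ptrace restriction discussed above, added here as an example (not from the thread or the Ubuntu wiki page). It reads the Yama sysctl behind that hardening, kernel.yama.ptrace_scope, and reports whether a process may still attach to another process of the same uid; a kernel without Yama has no such file and behaves like scope 0. The parsing is split from the file read so the logic can be exercised with constructed input:

```python
"""Report whether same-uid ptrace attach is allowed on a Linux host.

Added example, not from the thread: it reads the Yama sysctl
(kernel.yama.ptrace_scope) behind the ptrace restriction Ubuntu
enables and states what the value permits. Function and constant
names are assumptions made for this example.
"""

YAMA_SCOPE_PATH = "/proc/sys/kernel/yama/ptrace_scope"

SCOPE_MEANING = {
    0: "classic: a process may attach to any other process of the same uid",
    1: "restricted: attach only to descendants, or to a process that named "
       "the tracer with prctl(PR_SET_PTRACER)",
    2: "admin-only: attach requires CAP_SYS_PTRACE",
    3: "no attach: ptrace attach is disabled until reboot",
}


def parse_ptrace_scope(text: str) -> int:
    """Parse the sysctl file content; raises ValueError on unexpected input."""
    value = int(text.strip())
    if value not in SCOPE_MEANING:
        raise ValueError(f"unknown ptrace_scope value {value}")
    return value


def read_ptrace_scope(path: str = YAMA_SCOPE_PATH):
    """Return the scope, or None when the kernel has no Yama LSM."""
    try:
        with open(path, encoding="ascii") as f:
            return parse_ptrace_scope(f.read())
    except FileNotFoundError:
        return None


def same_uid_attach_allowed(scope) -> bool:
    """Without Yama (None) the classic, unrestricted behaviour applies."""
    return scope is None or scope == 0


def describe(scope) -> str:
    """Human-readable meaning of a scope value (None = no Yama present)."""
    if scope is None:
        return "Yama not present: unrestricted same-uid ptrace (as scope 0)"
    return SCOPE_MEANING[scope]


if __name__ == "__main__":
    scope = read_ptrace_scope()
    print(f"ptrace_scope = {scope}: {describe(scope)}")
    print("same-uid attach allowed:", same_uid_attach_allowed(scope))
```

Note that the restriction only narrows who may attach; as the thread points out, a process that shares the desktop session still has other channels, the session bus among them, so the check is a complement to keeping plaintext off the bus, not a substitute for it.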