Web lists-archives.com

Re: The situation of KWallet, and what to do about it?




El dijous, 7 de juliol de 2016, a les 12:36:26 CEST, Thomas Pfeiffer va 
escriure:
> Hi everyone,
> I'm addressing both the Plasma team and kde-devel because this issue affects
> Plasma as well as many applications, and Valentin as the current maintainer
> of KWallet as well as KSecretService, a potential replacement for it.
> 
> KWallet plays a central role in Plasma and many KDE applications as the
> central password storage. However, it being very old and not having been
> actively developed for a long time, it has lots of problems, including:
> 
> - It has weak security, as it does not restrict applications accessing it by
> default, and even when it does, it does so simply based on application name
> which allows any malicious process to impersonate an allowed one

This is basically because "Linux sucks" and no other solution different than 
kwallet can do it better unless you go to a "full lockdown" mode of who and 
how you can start applications (i.e. like on the Ubuntu Phone only upstart can 
start applications).

Yes, it is unfortunate but it has to do with the fact that we don't control 
the OS we run on.

Cheers,
  Albert