Fwd: Pinentry makes it awfully easy to snoop all passwords entered by the user

Niklas Schnelle niklas.schnelle at gmail.com
Wed Aug 28 20:45:15 CEST 2013


Just found this discussion about the same problem in ssh [1]. I do realize
that the root user accessing
this info is not really a problem it's trusted anyway and can do much worse
including just reading your process memory.
However it would be nice to have a way to disable tracing for normal users,
I mean there isn't really any reason another process should be able to
watch your processes system calls just like there are facilities to keep
the kernel from swapping certain RAM areas. Maybe we should bring this up
in the kernel community things like AppAmor and SELinux already reduce what
processes can do, somehow I feel like this should be a special capability.
This is actually quite a good reason for why Android in general has a
better security model for today's day and age than normal desktop Linux,
there every process runs as a different user. I think the kernel folks even
limited access to some /proc files for exactly the same reason.

[1] https://plus.google.com/107770072576338242009/posts/ETqpKHLUEKr
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130828/c3a430e7/attachment.html>


More information about the Gnupg-devel mailing list