[Developers] SECURITY: trivial reveal of stored passwords
Eric Warnke
ericew at gmail.com
Wed Aug 22 16:22:14 CEST 2007
You are both correct. If you only do "Allow Once" for each prompt you
will get prompted when attempting to syphon passwords. I think Bart
is referring to the more general case when a user has allowed
SSHKeychain access to it's stored passwords without limit.
Any application running in the same context as SSHKeychain can open up
a NSConnection and ask for passwords stored by SSHKeychain. I believe
this would include Applescript and widgets.
This is the problem. The system keychain is designed to only allow
access to passwords from authenticated binaries. The keychain assumes
that those binaries do not openly give out the password. In this case
the SSHKechain/PassphraseRequester act as proxy for the keychain
without proper limits.
Once we get account bound tokens it will be just about as secure as it
can be without using libssh2 and abandoning the command line tools.
Attempts to syphon passwords would be immediately recognized and race
conditions would have a high likelihood of revealing themselves.
-Eric
On 8/22/07, Jay <sshkeychain at lindalane.com> wrote:
>
>
> On Aug 22, 2007, at 4:36 PM, Bart Matthaei wrote:
>
>
> Hi Eric,
>
>
>
>
> same thing can be accomplished by writing a small Cocoa app and
>
> deploy it on a hacked OS X machine.
>
> If your Apple Keychain is unlocked, ANY application can access your
>
> passwords.
>
>
>
>
> Cheers,
>
>
>
>
> Bart
>
> I think this is wrong. Applications have to be given implicit permission to
> access Keys without prompting.
> _______________________________________________
> developers mailing list
> developers at sshkeychain.org
> http://www.sshkeychain.org/cgi-bin/mailman/listinfo/developers
>
>
More information about the developers
mailing list