https://bugs.kde.org/show_bug.cgi?id=432713

            Bug ID: 432713
           Summary: KWallet should limit access of applications for
                    security reasons
           Product: frameworks-kwallet
           Version: unspecified
          Platform: Other
                OS: Linux
            Status: REPORTED
          Severity: wishlist
          Priority: NOR
         Component: general
          Assignee: va...@kde.org
          Reporter: bug....@petzel.at
                CC: kdelibs-b...@kde.org
  Target Milestone: ---

A major problem of password managers like KWallet is that basically any
application that has access to the Wallet will have full access to the Wallet.
This is a HUGE security flaw, as this implies that ANY application that should
use KWallet needs to be 100% trustworthy.
So I suggest that KWallet should not only allow giving applications access to
the whole wallet, but also allow limiting an application's access to certain
parts of the wallet.

For example: One could have a default policy that an application is only
allowed to access keys in the wallet it created itself. If it wants to access
other keys, it either has to explicitly get full permissions, or the user has
to be prompted that this application wants access to a foreign key. Or
something similar.

Regards,
Valentin
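
The default policy proposed above, modelled as an added example (not KWallet code and not part of the original report): each key is owned by the application that created it, and any other application needs either an explicit full-wallet grant or a user-approved prompt for that key. The class and method names and the application ids are hypothetical, and the model assumes the wallet can reliably identify the calling application.

```python
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    PROMPT = "prompt"  # foreign key: the user must be asked first


class ScopedWallet:
    """Toy model of the proposed per-application policy (hypothetical API)."""

    def __init__(self):
        self._entries = {}          # key -> (owner app id, secret)
        self._full_access = set()   # apps explicitly granted the whole wallet
        self._key_grants = set()    # (app id, key) pairs the user approved

    def grant_full(self, app):
        self._full_access.add(app)

    def check(self, app, key):
        # A key that does not exist yet will be owned by whoever creates it.
        owner = self._entries[key][0] if key in self._entries else app
        if app == owner or app in self._full_access:
            return Decision.ALLOW
        if (app, key) in self._key_grants:
            return Decision.ALLOW
        return Decision.PROMPT

    def _authorize(self, app, key, ask_user):
        if self.check(app, key) is Decision.PROMPT:
            # Default ask_user refuses, so a foreign key is never released silently.
            if not ask_user(app, key):
                raise PermissionError(f"{app} may not access foreign key {key!r}")
            self._key_grants.add((app, key))  # remember the approval for this key only

    def write(self, app, key, secret, ask_user=lambda app, key: False):
        self._authorize(app, key, ask_user)
        owner = self._entries[key][0] if key in self._entries else app
        self._entries[key] = (owner, secret)  # overwriting never changes ownership

    def read(self, app, key, ask_user=lambda app, key: False):
        if key not in self._entries:
            raise KeyError(key)
        self._authorize(app, key, ask_user)
        return self._entries[key][1]
```
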
