Re: Apple Safari on MacOSX may reveal user's saved passwords

Board: Bugtraq  Time: 18 years ago (2007/05/18 00:34)
graham.coles@the-logic-group.com wrote:

>> It works for:
>> the same user using ssh as is on the console;

> If someone can remotely log in as you over ssh then they already have your
> password (or worse, certificate!), so why would they try to obtain it from
> a browser?

They can obtain other stuff that I type in the browser, such as passwords
etc. that I might use for online banking and which I don't store in
Keychain. Personally, I don't think that the Keychain bit is particularly
important.

> They already have total access to all your files, there would appear to be
> nothing more to gain from this.

Perhaps you do (in which case I recommend you stop), but I don't store all
my information in files, and of that which I do, not all those files are
merely protected by my standard login and password. Some, such as how I
authenticate to my bank, are stored in a gpg-encrypted file in case I ever
forget. Others, such as my gpg passphrase, live only in my head. Trust me,
merely logging in as me won't help anyone get at those data.

>> the root user using ssh (or someone who can sudo) can inject
>> Javascript into the console user's browser;

> Are you even considering what you are saying?

Yes. Are you?

> Someone has *ROOT* access to your system REMOTELY over ssh and you're
> worried that they might be able to retrieve a password from your keychain.

Yes, it would be annoying if someone rooted my laptop. It would be a lot
more annoying if they not only rooted my laptop but also cleaned out my
bank account via my browser.

It *is* somewhat disturbing that root can so trivially interfere with the
guts of someone else's processes. Normally, root has to do a lot of work
to do that.

>> a different non-root user on the console can do it too

> Which again restricts this vulnerability (as previously mentioned) to an
> attacker who happens to be sitting in front of your machine(!)

Did you read the bit where I speculated about setuid applications?

-- 
David Cantrell
Article ID (AID): #16J8Fv00 (Bugtraq)
Complete thread (this article is 6 of 11)