[Pidgin] #14830: dbus information leakage
Pidgin
trac at pidgin.im
Sat Feb 25 17:18:31 EST 2012
#14830: dbus information leakage
---------------------+------------------------------------------------------
Reporter: dfunc | Owner: rekkanoryo
Type: defect | Status: new
Milestone: | Component: libpurple
Version: 2.10.0 | Resolution:
Keywords: privacy |
---------------------+------------------------------------------------------
Comment(by bleeter):
http://pastebin.com/Amu14mMj
In reply to: http://census-labs.com/news/2012/02/25/pidgin-otr-info-leak/
Pidgin is best sandboxed with AppArmor/SELinux/other in any case but to
avoid this specific issue with DBUS one may launch Pidgin like so:
export DBUS_SESSION_BUS_ADDRESS=""; pidgin &
This will stop Pidgin from registering with the DBUS server and the Proof
Of Concept above will fail to log conversations.
--
Ticket URL: <http://developer.pidgin.im/ticket/14830#comment:4>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list