[Pidgin] #14830: dbus information leakage
Pidgin
trac at pidgin.im
Sun Feb 26 13:29:52 EST 2012
#14830: dbus information leakage
---------------------+------------------------------------------------------
Reporter: dfunc | Owner: rekkanoryo
Type: defect | Status: new
Milestone: | Component: libpurple
Version: 2.10.0 | Resolution:
Keywords: privacy |
---------------------+------------------------------------------------------
Comment(by dfunc):
@ultramancool, actually it is a problem. The heart of the problem lies in the fact that the IM has lost control over who has access to the OTR plaintext it just decoded.

OTR is meant to be a "for-your-eyes-only" service. OTR plaintexts should not be logged (at least not without the user's consent) and should not be broadcast in any way.

I am quite happy with the fact that your "all bets are off" mindset is not shared by many developers today who choose to correct local security bugs. Because well, they are bugs and do lead to trouble.

As far as process isolation goes, modern distributions disallow ptrace-ing processes that are not children of the debugger (see Ubuntu security provisions). So although we don't have perfect process isolation, there are steps taken in that direction (and for a good reason).
--
Ticket URL: <http://developer.pidgin.im/ticket/14830#comment:8>
Pidgin <http://pidgin.im>