[Pidgin] #14830: dbus information leakage
Pidgin
trac at pidgin.im
Mon Feb 27 10:42:51 EST 2012
#14830: dbus information leakage
------------------------------------+---------------------------------------
Reporter: dfunc | Owner: bleeter
Type: enhancement | Status: new
Milestone: Patches welcome | Component: privacy
Version: 2.10.0 | Resolution:
Keywords: libpurple dbus plugins |
------------------------------------+---------------------------------------
Description changed by dfunc:
Old description:
> Pidgin transmits sensitive information (such as OTR plaintexts) over
> DBUS. An attacker that has compromised any application that runs within
> the same "X session" can easily snoop on this sensitive information by
> means of a dbus session monitor.
>
> Related posts:
> http://pidgin.im/pipermail/devel/2011-December/010519.html
> http://lists.cypherpunks.ca/pipermail/otr-dev/2011-December/001244.html
New description:
Pidgin transmits sensitive information (such as OTR plaintexts) over DBUS.
Once this information is on DBUS there is no way to control which
application receives this or what it does with it.
This constitutes a privacy concern for OTR users.
Related posts:
http://pidgin.im/pipermail/devel/2011-December/010519.html
http://lists.cypherpunks.ca/pipermail/otr-dev/2011-December/001244.html
--
--
Ticket URL: <http://developer.pidgin.im/ticket/14830#comment:16>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list