[Pidgin] #14830: dbus information leakage

Pidgin trac at pidgin.im
Mon Feb 27 10:42:51 EST 2012


#14830: dbus information leakage
------------------------------------+---------------------------------------
 Reporter:  dfunc                   |        Owner:  bleeter
     Type:  enhancement             |       Status:  new    
Milestone:  Patches welcome         |    Component:  privacy
  Version:  2.10.0                  |   Resolution:         
 Keywords:  libpurple dbus plugins  |  
------------------------------------+---------------------------------------
Description changed by dfunc:

Old description:

> Pidgin transmits sensitive information (such as OTR plaintexts) over
> DBUS. An attacker that has compromised any application that runs within
> the same "X session" can easily snoop on this sensitive information by
> means of a dbus session monitor.
>
> Related posts:
> http://pidgin.im/pipermail/devel/2011-December/010519.html
> http://lists.cypherpunks.ca/pipermail/otr-dev/2011-December/001244.html

New description:

 Pidgin transmits sensitive information (such as OTR plaintexts) over DBUS.
 Once this information is on DBUS there is no way to control which
 application receives this or what it does with it.
 This constitutes a privacy concern for OTR users.

 Related posts:
 http://pidgin.im/pipermail/devel/2011-December/010519.html
 http://lists.cypherpunks.ca/pipermail/otr-dev/2011-December/001244.html

--

-- 
Ticket URL: <http://developer.pidgin.im/ticket/14830#comment:16>
Pidgin <http://pidgin.im>
Pidgin


More information about the Tracker mailing list