[Pidgin] #14830: dbus information leakage
Pidgin
trac at pidgin.im
Wed Mar 14 07:12:12 EDT 2012
#14830: dbus information leakage
------------------------------------+---------------------------------------
Reporter: dfunc | Owner: bleeter
Type: enhancement | Status: new
Milestone: Patches welcome | Component: privacy
Version: 2.10.0 | Resolution:
Keywords: libpurple dbus plugins |
------------------------------------+---------------------------------------
Comment(by dfunc):
@bleeter MarkDoliner is correct in saying that people *are* more secure when communicating over a network using OTR. The main issue here is NOT remote exploitation or remote eavesdropping. The issue is that once your OTR messages enter DBUS many side effects might occur, like a 3rd party application *accidentally* logging these messages (because it couldn't distinguish these from normal non-OTR pidgin messages). And this is only partly due to the absence of the NO_LOG flag (for users that had selected "no" to logging).

When broadcasting over DBUS, security policies for messages are applied in a "good citizen" approach. So it must be communicated to all receivers that these messages should receive special handling.

My proposal so far is:

- To allow the user to select whether OTR messages should be broadcast over DBUS (with the default being "no broadcast")
- An API change that will:
  - enable particular messages not to be broadcast over DBUS
  - make sure all security attributes of a message (e.g. NO_LOG) are sent along with the signal, when a message is transmitted over DBUS

Until the patch is released, users may choose to load pidgin with

  export DBUS_SESSION_BUS_ADDRESS=""

as bleeter has suggested.

PS. The "census" article mentions exploitation strategies for this issue for reasons of completeness. Investigators must clearly know that it is also possible for an eavesdropper to catch OTR plaintext over DBUS. It seems that this information along with the original bugtraq post has caused a lot of confusion as to what this issue is all about... (i.e. unexpected privacy-related side-effects).
--
Ticket URL: <http://developer.pidgin.im/ticket/14830#comment:22>
Pidgin <http://pidgin.im>
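The interim workaround from the comment above (exporting DBUS_SESSION_BUS_ADDRESS empty before starting pidgin), as an added example that is not code from the ticket or from the Pidgin project: a POSIX sh wrapper that launches a command with the session bus address exported empty, plus a probe that reports what the launched process actually sees in its environment, so the wrapper can be checked before it is trusted with real OTR traffic. The function names and the sample bus address are made up for this example.

```shell
#!/bin/sh
# Added example, not part of the ticket. Launches a program (default: pidgin)
# with DBUS_SESSION_BUS_ADDRESS exported as an empty string, as the workaround
# in the comment describes, so libpurple has no session bus address to connect
# to and cannot broadcast message signals (OTR plaintext included) to other
# bus clients.
#
# Caveat: this disables Pidgin's DBus interface for *every* consumer on that
# bus (purple-remote, notification plugins, ...), not only the unwanted ones.

# Usage: run_without_session_bus [command [args...]]
# `env` is used so the assignment applies to the child's environment only.
run_without_session_bus() {
    if [ "$#" -eq 0 ]; then
        set -- pidgin
    fi
    env DBUS_SESSION_BUS_ADDRESS="" "$@"
}

# Probe script (hypothetical helper): prints "unset" if the variable is absent,
# "empty" if it is exported but empty, otherwise the address itself.
PROBE_SCRIPT='
if [ -z "${DBUS_SESSION_BUS_ADDRESS+x}" ]; then
    echo unset
elif [ -z "$DBUS_SESSION_BUS_ADDRESS" ]; then
    echo empty
else
    echo "$DBUS_SESSION_BUS_ADDRESS"
fi'

# What a process started through the wrapper sees. Expected: "empty".
probe_in_wrapper() {
    run_without_session_bus sh -c "$PROBE_SCRIPT"
}

# What a process started directly (no wrapper) sees, for comparison.
probe_direct() {
    sh -c "$PROBE_SCRIPT"
}

# Stand-alone demonstration with a constructed bus address.
if [ "${0##*/}" = "no_dbus_launch.sh" ]; then
    export DBUS_SESSION_BUS_ADDRESS='unix:path=/tmp/constructed-session-bus'
    echo "direct:  $(probe_direct)"
    echo "wrapper: $(probe_in_wrapper)"
fi
```

Run the probe first; only when it reports "empty" for the wrapper should pidgin itself be started through it (`run_without_session_bus pidgin`). The comparison with the direct probe makes the difference visible on a desktop where the session bus address is normally set.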