[OTR-dev] private messages on dbus

Paul Wouters paul at cypherpunks.ca
Mon Feb 27 17:43:40 EST 2012


On Sat, 25 Feb 2012, Dimitris Glynos wrote:

>>>> I was wondering if pidgin could allow for certain chat types
>>>> to be flagged as private and not transmit these over dbus.
>>>> I don't know how much dbus is hardwired to pidgin (is it used
>>>> also for capturing the messages displayed on the pidgin GUI?)
>>>> but the fact that a local attacker can access OTR plaintext
>>>> from a dbus session monitor is quite unnerving.
>>>
>>> a local attacker can already ptrace the pidgin process and do
>>> pretty much anything.

Not necessarily. For instance with SELinux or AppArmor you can
take that ability away from the process.

> Coming back to this after a while. You may now find an advisory
> and a proof-of-concept script for the DBUS info leak here:
>
> http://census-labs.com/news/2012/02/25/pidgin-otr-info-leak/
>
> This issue has received CVE-2012-1257.
>
> It would be good to see this issue addressed in the next release
> of pidgin and pidgin-otr. Most users would be surprised to find
> that their private chatting is somehow accessible to other apps..

I am still a bit confused how serious this issue really is. If you can
read as the uid of the user, you can already read the OTR keys from
disk. Now PFS will prevent decrypting, but whether you listen in on dbus
or the X11 channels doesn't really matter much. So I see value in
protecting the pidgin process from reading OTR materials outside
pidgin-otr, and hardening pidgin against network input, I see less value
in closing the dbus from the user for themselves.

Paul


