[OTR-dev] private messages on dbus

Howard Chu hyc at symas.com
Mon Feb 27 18:09:59 EST 2012


Dimitris Glynos wrote:
> On 02/28/2012 12:43 AM, Paul Wouters wrote:
>> I am still a bit confused how serious this issue really is. If you can
>> read as the uid of the user, you can already read the OTR keys from
>> disk. Now PFS will prevent decrypting, but whether you listen in on dbus
>> or the X11 channels doesn't really matter much. So I see value in
>> protecting the pidgin process from reading OTR materials outside
>> pidgin-otr, and hardening pidgin against network input, I see less value
>> in closing the dbus from the user for themselves.
>
> Paul the real problem here is broadcasting sensitive info
> over DBUS. If the sender chooses not to log this info
> so that they don't end up on the disk, there is no way
> for pidgin to enforce the same security policy to the
> 3rd party (possibly unrelated) apps that sit on the
> other end of DBUS. Such an app might accidentally log these
> messages because it cannot qualify that they were meant to be
> private.

That sounds like a bug in the 3rd party code then, since pidgin marks its 
messages with PURPLE_MESSAGE_NO_LOG if they should not be logged, and the otr 
plugin will turn off conversation logging if the user chooses that.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
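Added example, not code from this thread, pidgin or pidgin-otr: a third-party D-Bus consumer that honours PURPLE_MESSAGE_NO_LOG, shown beside the naive consumer that logs everything it sees. It assumes libpurple's WroteImMsg signal delivers (account, sender, message, conversation, flags), and the flag values are copied from libpurple's conversation.h.

```python
# Added example, not pidgin's or pidgin-otr's code: a third-party D-Bus consumer
# that honours PURPLE_MESSAGE_NO_LOG. Assumed: libpurple's WroteImMsg signal
# carries (account, sender, message, conversation, flags); flag values are
# copied from libpurple's conversation.h (verify against your installed headers).
PURPLE_MESSAGE_SEND = 0x0001
PURPLE_MESSAGE_RECV = 0x0002
PURPLE_MESSAGE_NO_LOG = 0x0040  # set on messages the sender wants kept off disk

def loggable(flags):
    """True unless the sending side marked the message PURPLE_MESSAGE_NO_LOG."""
    return not (flags & PURPLE_MESSAGE_NO_LOG)

class NaiveLogger:
    """The bug the thread describes: every message seen on the bus is written out."""
    def __init__(self):
        self.lines = []
    def on_im(self, account, sender, message, conversation, flags):
        self.lines.append((sender, message))

class FlagAwareLogger(NaiveLogger):
    """Corrected consumer: drops messages the sender flagged NO_LOG."""
    def on_im(self, account, sender, message, conversation, flags):
        if loggable(flags):
            super().on_im(account, sender, message, conversation, flags)

# Constructed signal events standing in for what the session bus would deliver.
SAMPLE_EVENTS = [
    (1, "alice", "hi, plain text", 7, PURPLE_MESSAGE_RECV),
    (1, "alice", "OTR secret, do not log", 7, PURPLE_MESSAGE_RECV | PURPLE_MESSAGE_NO_LOG),
    (1, "me", "my reply, also NO_LOG", 7, PURPLE_MESSAGE_SEND | PURPLE_MESSAGE_NO_LOG),
]

def demo(events=SAMPLE_EVENTS):
    """Feed the same events to both consumers; return what each would have logged."""
    naive, aware = NaiveLogger(), FlagAwareLogger()
    for ev in events:
        naive.on_im(*ev)
        aware.on_im(*ev)
    return naive.lines, aware.lines

def connect(logger):
    """Live wiring: needs dbus-python, GLib and a running pidgin (demo() runs offline)."""
    import dbus
    from dbus.mainloop.glib import DBusGMainLoop
    from gi.repository import GLib
    DBusGMainLoop(set_as_default=True)
    # WroteImMsg is assumed to fire for both directions of an IM with its flags.
    dbus.SessionBus().add_signal_receiver(logger.on_im, signal_name="WroteImMsg",
                                          dbus_interface="im.pidgin.purple.PurpleInterface")
    GLib.MainLoop().run()
```

pidgin-otr can also switch logging off for the whole conversation; a consumer that wants to respect that as well would have to query the conversation's logging state over D-Bus instead of relying on per-message flags alone.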