[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: --non-interactive and keyrings

From: Bert Huijben <bert_at_qqmail.nl>
Date: Fri, 3 Feb 2012 09:34:48 -0800

Can't they also use the kde library directly?

Is it our problem?

Bert Huijben (Cell phone)
From: Philip Martin
Sent: 3-2-2012 5:30
To: Julian Foad
Cc: Daniel Shahaf; dev_at_subversion.apache.org
Subject: Re: --non-interactive and keyrings
Julian Foad <julianfoad_at_btopenworld.com> writes:

> Daniel Shahaf wrote:
>
>> Philip Martin wrote:
>>> [...] Subversion records whether a particular provider
>>> was used to store a particular password.  The KDE provider will only
>>> prompt to open the wallet when the auth data indicates that KDE was used
>>> to store a particular password.  The GNOME provider prompts to unlock the
>>> keyring whenever any password is requested, before checking the auth
>>> data to see if this particular password was stored in the keyring.
>>>
>>> I don't see any advantage to the GNOME behaviour, it looks more like a
>>> bug than a feature.
>>
>> That behaviour is defensible.  "Why should any random app I run know
>> what passwords my keyring stores?"
>
> Hi Daniel.  I don't follow what you mean.  The 'providers' that Philip
> refers to are bits of Subversion code, not the KDE/Gnome APIs
> themselves.

The KDE behaviour is a potential information leak. A random app can use
the Subversion libraries to query a repo, if it can monitor whether
such a query causes the KDE prompt to appear then it can determine
whether or not the password for the repo is in the wallet. Since GNOME
always prompts no such leak is possible.

It's not much of a leak, I'm not sure what one would do with the
information.

-- 
Philip
Received on 2012-02-03 18:35:21 CET

This is an archived mail posted to the Subversion Dev mailing list.