467533 – Allow only application to access its stored credentials

Bug 467533 - Allow only application to access its stored credentials

Summary: Allow only application to access its stored credentials

Status:	RESOLVED DUPLICATE of bug 432713

Alias:	None

Product:	kwalletmanager
Classification:	Applications
Component:	general (show other bugs)
Version:	unspecified
Platform:	Other Linux

Importance:	NOR wishlist
Target Milestone:	---
Assignee:	Valentin Rusu

URL:
Keywords:

Depends on:
Blocks:

Reported:	2023-03-18 17:03 UTC by postix
Modified:	2023-03-23 08:17 UTC (History)
CC List:	1 user (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description postix 2023-03-18 17:03:54 UTC

SUMMARY

As far as I am informed, right now, once an application makes use of the credentials store (kwallet), it can basically access all credentials, including those of other applications.

It'd therefore be a security enhancement if it could only access credentials which are associated with this very application.
One way to to associate it, could be to check if it started under a certain path like `/usr/bin/my-application`.

Comment 1 michaelk83 2023-03-23 08:17:26 UTC


*** This bug has been marked as a duplicate of bug 432713 ***