I have a hard time understanding the benefits of the keyring (e.g. GNOME keyring). I get the convenience parts - I don’t have to enter password for something every time I want to use it (e.g. mounted encrypted drive) and I don’t have to create a secret for some background stuff (applications keys). But the problem is, if I understand it correctly, that every application has the same access to my keyring, so, in theory, a malicious application can just read my Signal key and they can just read all my Signal messages right? Is there a point, then, in encrypting e.g. local database (like Signal) if the key to that database is readily available anyway? Any input is welcome. thanks!
Man I can’t believe what rabbit hole I am getting into. It indeed seems crazy, how can this be acceptable. How is it possible that nobody is concerned by this.
That won’t be a popular stance to take when someone eventually steals a bunch of cached, unlocked credentials off of D-BUS because of an oversight somewhere in the npm/aur/pip/cargo/whatever ecosystem.
More rabbit hole:
Who defines the untrusted applications though? Thank you for the links! Btw I found out its the same on all major systems, on Windows as well as on MacOS (there they have credentials per app, but its easily spoofable for the same reason why GNOME refuses to even implement this).
¯\(ツ)/¯
If GNOME wrote it then they probably trust it. If you’re using GNOME, then you’ve accepted their security model on some level.
At least you know to go look for it. Attackers will only get more sophisticated:
https://ioctl.fail/preliminary-analysis-of-aur-malware/
I have implicitly accepted it, as any normal user, but it doesn’t change the fact that its a security hole the size of Greenland 😀. And it works like this on Windows and basically MacOS as well as I stated above. So all players just got okay with that I suppose because everybody does it…